Chinese emerging AI startup DeepSeek reported on Monday, 27th January 2025, that its systems were hit with cyberattacks, which disrupted users’ ability to register on the site.
They describe the incident as a “large-scale malicious attack” which restricts the registration of new accounts but existing users can continue to use the service.
It’s unclear where the attacks originate from, or what will be necessary to curb the attacks.
Chinese cyber security experts claim the attacks originate from US-based IP addresses.
DeepSeek blew up not long ago and is already leading download charts on Android and iOS platforms. What makes it special is its ability to perform like similar AI chatbots such as Chat GPT and Gemini with less computational power.
The company’s AI model, DeepSeek-R1, was released just last week and the company claims it cost them $6m to train the model.
This innovation raised questions undercutting the belief that high-performance chips are the only way of advancing AI.
According to reports, the emergence of DeepSeek shrunk the value of Nvidia, a chip maker company tagged the most valuable company in the world.
Security concerns of DeepSeek
The concern about the privacy or security of users of DeepSeek stems from the fact that it is a Chinese-based service.
According to them, it stores user data in “secure servers” in China which is a big red flag for some security experts. Their argument is China is a cybercrime-prone country so storing user data in such a country exposes it to enormous threats.
This means that even if DeepSeek itself does not misuse data, the risk of cybercriminals accessing it remains high.
Researchers currently found a vulnerability in DeepSeek’s database exposing publicly highly sensitive user information.
The exposed database is reported to contain more than one million log entries raising serious security questions.
What data does DeepSeek collect?
According to its privacy policy, DeepSeek gathers information in three key categories:
- User-Provided Data: This includes names, email addresses, text inputs, and uploaded files.
- Automatically Collected Data: The app logs details such as device type, IP addresses, usage patterns, cookies, and payment information.
- Third-Party Data Sources: DeepSeek integrates with Apple or Google login services and receives data from advertisers and analytics firms.
How does DeepSeek use user data?
According to DeepSeek, they process user data for a range of purposes: to provide services, enforce terms of use, communicate with users, and review and improve performance.
The company says they may use user information to “comply with our legal obligations, or as necessary to perform tasks in the public interest, or to protect the vital interests of our users and other people”.
Also, they may share user information with third-party companies outside of their control like advertising and analytics companies.
While DeepSeek might be down for now, new users who want to use the platform must understand the risks involved just as using other AI chatbots like Chat GPT and the rest.
About Author
