What Does DeepSeek’s Cyber Attack Mean for Data Privacy?

By Matt High
Share
DeepSeek claims its R1 model can match or outperform systems from established players like OpenAI. Pic: Getty Images
A week after its launch disrupted the global AI market and caused tumult in US markets, DeepSeek suffered a malicious cyber attack. Here’s what happened.

A week is a long time in AI. Just ask DeepSeek. Seven days after launching its latest R1 AI assistant model, which the Chinese startup claims can outperform the likes of OpenAI and Google at a fraction of the cost, DeepSeek skyrocketed to the No. 1 spot in global app stores, displacing OpenAI on its way. 

A day later the company’s rapid rise in popularity was potentially stifled by a reported large-scale cyber attack that forced it to pause new customers from outside of China from registering to use the app.

While DeepSeek has yet to provide more details on the extent or type of attack it faced, it says it has since implemented a fix and is ‘monitoring the results’. 

According to Toby Lewis, Head of Threat Analysis at Darktrace, the attack likely falls into one of several scenarios: “the most probable being simply a victim of their own success – what we in tech circles call the 'Slashdot effect,' where their infrastructure buckled under unexpected user demand following their viral moment on the App Store.”

Toby Lewis, Head of Threat Analysis at Darktrace

Lewis says the incident serves as a reminder that security must be woven into the foundations of AI systems from the outset.

Malicious cyber attack: what we know

DeepSeek began investigating the issue on Monday night Beijing time, posting a notification on its status page that it had been the victim of a ‘large-scale malicious attack’. 

Youtube Placeholder

As a result, the company said it had temporarily limited new registrations while allowing existing users to log in as usual. The issue was reportedly solved shortly after, with DeepSeek opening up the app to new users while continuing to monitor activity. 

According to Jake Moore, Global Cybersecurity Advisor at ESET, DeepSeek’s sudden ascendency may have made it a prime target for cyber attackers. Moore says that this is a common challenge for new platforms suddenly dominating the spotlight. 

Jake Moore, Global Cybersecurity Advisor at ESET

“It can act as a huge honeypot for cybercriminals,” he explains. “This is typical for any new platform that dominates the media and can attract multiple groups of threat actors looking for any potential vulnerability to exploit. Such attacks should act as a reminder to bolster existing defences and to expect the unexpected – especially when attention grows quickly.”

What does DeepSeek do with your data?

The speed of AI development and the rapid growth and uptake of apps like DeepSeek makes for an increasingly complex threat landscape, equipping malicious actors with advanced tools to compromise confidential data. 

The US government’s recent regulatory action against TikTok highlights ongoing concerns over potential user data collection by the Chinese government. US President Donald Trump recently granted TikTok a 75-day extension to comply with legislation requiring its sale, signed by former President Joe Biden because of national security concerns.

“People are already worried about how much data social media firms have access to, so just imagine what the risks could be with Chinese foundational models being trained on all your data,” says Dan Schiappa, Chief Product Officer at Arctic Wolf. 

“Considering DeepSeek limited its registrations due to a cyber attack, you have to wonder whether it has the appropriate security and policies in place to maintain privacy. Likewise, China could continue its trend of IP theft and replicating US and European technologies.”

Key facts
  • DeepSeek reached #1 in global app stores just 1 week after launching its R1 model
  • It took only 7 days from the R1 launch to displace OpenAI as the top app
  • The US gave TikTok a 75-day extension to comply with legislation requiring its sale due to security concerns over Chinese apps

DeepSeek is clear about how it collects and uses data. The company’s privacy policy states: ‘We store the information we collect in secure servers located in the People’s Republic of China’. 

AI and the enterprise

DeepSeek’s claimed capabilities and low-cost model make it a potentially attractive proposition for enterprise customers. For these businesses AI adoption already poses many security risks including data breaches, deepfakes and misinformation, malware distribution, and data bias. 

Darren Guccione, CEO and Co-founder of Keeper Security

Keeper Security’s Darren Guccione warns future DeepSeek users to consider the threat landscape before implementing AI in their own organisations: “It may seem like a step forward, but organisations must carefully consider the risks – particularly when these platforms operate within regulatory environments where data access and oversight are less transparent.

“Inputting sensitive company information into these systems could expose critical data to state-controlled surveillance or misuse, creating a Trojan Horse into an organisation and all of its employees.”


Explore the latest edition of AI Magazine and be part of the conversation at our global conference series, Tech & AI LIVE

Discover all our upcoming events and secure your tickets today.


AI Magazine is a BizClik brand

Share

Featured Articles

AWS and Exclusive Networks: enhancing cloud security

Exclusive Networks has signed two agreements with AWS that enhance its cloud capabilities and provide advanced cybersecurity solutions

Arctic Wolf Completes Acquisition of Blackberry's Cylance

Arctic Wolf will incorporate Blackberry's Cylance endpoint security assets into its Aurora platform, helping organisations reduce risk exposure

AI-Powered Fraud on the Rise for Financial Institutions

Data from AuthenticID has found a rise in deepfake-related fraud attempts and synthetic identity fraud for finance firms

Sophos: Gen AI Flaws Could Negatively Impact Cybersecurity

Technology & AI

Is the UK Government Ready to Face Severe Cyber Threats?

Cyber Security

KnowBe4: Cyber Insurance Claims Hit Record Levels

Cyber Security