DeepSeek, the latest AI large language model (LLM) from China, is one of the latest victims of a large-scale cyber attack. Hit by what appears to be a distributed denial-of-service (DDoS) attack aimed at its web chat system and API, the platform was forced to halt all new registrations. While existing users remain unaffected, still enjoying unlimited access to the platform, the incident highlights growing concerns about the security of AI-powered platforms and the risks they potentially present to users.
The Cyber Attack on DeepSeek and its Implications
The release of DeepSeek on January 20, 2025, took the AI space by storm. Founded by CEO Eng. Liang Wenfeng and fully funded by Liang’s quantitative hedge fund, DeepSeek is just one of China’s sprawling AI companies. Based on the R1 reasoning model, this AI chatbot claims to think deeper and solve more complex problems than OpenAI’s o1 reasoning model.
With news that the advanced model was developed at a fraction of the time and cost of rival models like Google’s Gemini and OpenAI’s ChatGPT, thousands flocked to sign up on the platform and give it a try. However, behind the allure of a more advanced LLM, experts began sounding the alarm for potential cybersecurity risks for DeepSeek users.
For example, the Wiz Research team, a cloud security expert, alerted DeepSeek of a publicly accessible ClickHouse database that could allow full database control and potential privilege escalation without any defense mechanism or authentication to the outside world. What’s more, the database was attached to a significant amount of chat history, backend data, and other sensitive information such as log streams, operational details, and API secrets.
Not forgetting that DeepSeek has already been struggling with a series of targeted large scale malicious attacks on its key infrastructure nodes. These repeated breaches not only show critical vulnerabilities in the platform’s architecture but also stand as a stark reminder that we need to stay proactive in our cybersecurity efforts, even as consumers.
How to Minimize Risk Exposure on AI-Powered Internet Apps
The truth is AI-powered internet apps pose an emerging blind spot when it comes to cybersecurity concerns. Ranging from social media to entertainment apps to LLMs, these platforms collect large chunks of user data and often display user posts publicly – allowing cybercriminals to silently collect user information without their consent. The result is we’re grappling with increased rates of compromised passwords, impersonation scams, as well as targeted phishing attacks.
While securing these platforms is largely the developer’s responsibility, it’s most important for users to adapt forward-thinking strategies to protect their personal data. That way, they reduce risk while interacting with such platforms. Practical tips to remember include:
Exercise Caution with the Personal Details You Share
Hardly a day goes by without people sharing their personal information online. Be it online shopping, making internet payments, or even gaming, we hand over our emails, phone numbers, and other sensitive details without questioning privacy or security risks. However, it’s vital to note that not all information requests are necessary, let alone legit.
That’s why it’s essential to limit the amount of personal data you share. When shopping online, only share what is absolutely necessary. If you prefer online gaming, choose platforms like social casinos, where you’ll enter minimal info yet still access the full online gaming experience, complete with social interactive features.
In fact, playing at a social casino doesn’t involve real money play, meaning you don’t have to link your sensitive accounts like a primary email or financial accounts. All you need to do is sign up, collect your free virtual coins, and start playing your favorite casino-style games.
Set Up Hard-to-Guess, One-of-a-Kind Passwords
Reports from the Bitwarden World Password Day Survey show that more than half of internet users reuse their passwords. Seemingly a convenient habit, repurposing passwords, especially across all your AI-powered internet apps, increases the risk of compromising passwords of multiple accounts, even if just one gets breached.
That said, ensure every password connected to an AI platform is strong and unique. And instead of using computer generated passwords, opt to create unpredictable passwords featuring a combination of symbols, letters, and numbers. Use a password manager to help you remember your password. When possible, activate multi-factor authentication for an extra layer of security.
Stay on Alert for Phishing Attempts
Fake messages and scams remain a prevalent way for cybercriminals to capture user information. On top of that, with bad actors employing AI capabilities to create more sophisticated phishing emails, fake messages, and websites, the threat is even more real in 2025. These deceptive attempts can look nearly identical to legitimate communications, tricking even the most cautious users.
Beware of phishing attempts from AI-powered platforms, especially after news of a cyberattack incident. Likewise, always verify the source before downloading attachments or clicking on links. Whenever in doubt, directly visit the official website or contact support.
Stay Vigilant Against Cyber Threats
While DeepSeek was reportedly able to circumvent the targeted cyberattacks, the situation was still a wake-up call for developers and internet users alike. Users must stay alert and prepared when it comes to protecting their data. Read privacy policies, choose transparent platforms, regularly update security settings, be cautious with unfamiliar links, and stay informed about emerging threats to guarantee your digital safety and privacy.