DeepSeek is Leaking Sensitive Information, Says a Report from a Cloud Security Firm

  • Published on January 30, 2025
  • In AI News

Cloud security startup Wiz revealed that it found many open databases, one of which contained ‘over 1 million log entries’ with highly sensitive data.


Illustration by Supreeth Koundinya

Wiz, an American cloud security firm, revealed that it found a publicly available database linked to DeepSeek. This database is ‘completely open and unauthenticated’ and exposes sensitive data. It contains chat history, backend data, API secrets, and operational details. 

According to the report, the database was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000.

“More critically, the exposure allowed for full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defence mechanism to the outside world,” added the report. 

Wiz highlighted a specific table that contained more than 1 million log entries featuring highly sensitive data. 

Owing to such concerns, the United States Navy recently banned DeepSeek and warned its members to avoid using it for any purpose, whether work or personal. 

In another instance, the DeepSeek app was made unavailable from Apple’s App Store and Google’s Play Store in Italy soon after the country’s data protection authority sought information on how personal data was used. 

Furthermore, Ireland’s Data Protection Commission (DPC) has also requested information about data processing. 

Even Australia’s treasurer, Jim Chalmers, reportedly urged citizens to exercise caution when using the AI platform.

In its privacy policy, DeepSeek mentions that it collects network connection information, which includes “your device model, operating system, keystroke patterns or rhythms, IP address, and system language.”

“The personal information we collect from you may be stored on a server located outside of the country where you live. We store the information we collect in secure servers located in the People’s Republic of China,” read another section of the privacy policy. 

Rajeev Chandrasekhar, former Indian IT minister, took to X and asked if DeepSeek was on the path to becoming the next TikTok.

“Only safe and trusted AI should be offered to/be available on the global internet to consumers,” Chandrasekhar cautioned.

“The world doesn’t need and must not enable a TikTok of AI,” he added. 

However, because the model is open source, data privacy problems could be mitigated by running it locally.

India’s IT minister, Ashwini Vaishnaw, said the country will host DeepSeek on domestic servers. Similarly, Perplexity offers DeepSeek-R1 on its platform and hosts the model on servers in the United States.


Supreeth Koundinya

Supreeth is an engineering graduate who is curious about the world of artificial intelligence and loves to write stories on how it is solving problems and shaping the future of humanity.
