Concerns Over Major Data Breach at Chinese Chatbot DeepSeek

Remarqz does not use DeepSeek

More than a million user chats were publicly accessible this week, raising concerns over a significant data breach at the Chinese chatbot DeepSeek. This also included sensitive information, according to the American cybersecurity company Wiz, which discovered the breach.

Among the leaked data were entire chat logs of users, detailing conversations between DeepSeek’s chatbot and users of the AI program. Wiz found that private information was publicly available while investigating DeepSeek’s digital infrastructure—essentially, the foundation of the app.

"They fixed the breach in less than an hour," said Wiz employee Ami Luttwak. "But it was so easy to find that we believe we are not the only ones who discovered it."

The researchers stated that they found the sensitive information "within minutes." However, it proved much harder to inform the people behind DeepSeek about the issue. They sent their findings to every email address and LinkedIn profile linked to DeepSeek.

The American researchers received no response to these messages. However, within half an hour, the breach was sealed, and the sensitive data was locked down. "This is a dramatic mistake," Luttwak told the American tech site WIRED. "It means that the service is not ready at all to handle sensitive data."

DeepSeek Grips the Tech World

According to news agency Reuters, the people behind DeepSeek did not immediately respond to a request for comment on the breach. This week, the Chinese company shook up the tech world. The AI chatbot is capable of competing with the best AI assistants globally. This is remarkable because DeepSeek claims to be developed at a fraction of the cost of programs like ChatGPT.

Like ChatGPT, DeepSeek allows users to have conversations and ask for solutions to problems. However, this does not apply to topics sensitive in China. For example, users receive no answers to questions about the 1989 Tiananmen Square protests or other (geo)political issues involving China.

Alongside the tech industry, investors and stock market analysts are also closely monitoring DeepSeek. For a long time, it was assumed that developing artificial intelligence required expensive computer chips. DeepSeek appears to demonstrate that this is not necessarily the case, though there is debate about whether the Chinese company is truly transparent about the chips used and the associated costs.

Nevertheless, the situation is making investors nervous. The stock prices of AI-focused tech companies dropped significantly following DeepSeek's presentation. Companies like NVIDIA, Meta, and Microsoft saw declines, and even the Dutch chipmaker ASML's stock fell by 9%, though it later rebounded due to strong quarterly earnings.

Even though the data breach has been sealed, discussions around DeepSeek are far from over. The Italian data protection authority Garante has blocked DeepSeek. The watchdog wants to know what personal data the chatbot collects and to what extent it is stored in China. So far, no clarification has been provided on these concerns.