DeepSeek Security Breach: Cybercriminals Exploit Open Database

Thu 30th Jan, 2025

In recent developments surrounding the artificial intelligence company DeepSeek, it has come to light that cybercriminals are capitalizing on the excitement surrounding the firm. Reports indicate that a database containing sensitive information was left exposed on the internet, leading to serious security concerns.

Security researchers discovered a publicly accessible ClickHouse database linked to DeepSeek, which was entirely open and lacked any form of authentication. This oversight allowed unauthorized access to a significant amount of sensitive data, including chat logs, backend information, API secrets, and operational details. The researchers noted that the database was hosted on two addresses, 'oauth2callback.deepseek.com:9000' and 'dev.deepseek.com:9000'. Such vulnerabilities could potentially offer malicious actors complete control over the database.
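For operators who want to check their own ClickHouse deployments for the condition described above, the following is an added example, not code from DeepSeek or from the researchers. It assumes the standard ClickHouse `config.xml` and `users.xml` layout; the sample configurations and the function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs for illustration, not from any real deployment.
SAMPLE_CONFIG = """<clickhouse>
  <listen_host>0.0.0.0</listen_host>
  <tcp_port>9000</tcp_port>
</clickhouse>"""
SAMPLE_USERS = """<clickhouse><users>
  <default>
    <password></password>
    <networks><ip>::/0</ip></networks>
  </default>
  <reporting>
    <password_sha256_hex>PLACEHOLDER_HASH</password_sha256_hex>
    <networks><ip>10.0.0.0/8</ip></networks>
  </reporting>
</users></clickhouse>"""

# Child elements that indicate a real credential is configured for a user.
CREDENTIAL_TAGS = ("password_sha256_hex", "password_double_sha1_hex",
                   "ldap", "kerberos", "ssl_certificates")

def public_listeners(config_xml):
    """Return listen_host values that bind every interface."""
    hosts = [(h.text or "").strip() for h in ET.fromstring(config_xml).iter("listen_host")]
    return [h for h in hosts if h in ("0.0.0.0", "::")]

def has_credential(user):
    """True if the user has a non-empty password or another auth method."""
    if any(user.find(tag) is not None for tag in CREDENTIAL_TAGS):
        return True
    pw = user.find("password")
    return pw is not None and bool((pw.text or "").strip())

def unrestricted_source(user):
    """True if a <networks><ip> entry is a /0 range. A user with no <ip>
    entries is treated as unrestricted (a conservative assumption)."""
    ips = [(ip.text or "").strip() for ip in user.findall("networks/ip")]
    return not ips or any(
        ipaddress.ip_network(i, strict=False).prefixlen == 0 for i in ips)

def audit(config_xml, users_xml):
    """Return names of users anyone on the network could log in as."""
    if not public_listeners(config_xml):
        return []
    users = ET.fromstring(users_xml).find("users")
    return [u.tag for u in users
            if not has_credential(u) and unrestricted_source(u)]

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_USERS))
```

A non-empty result means the native protocol port is bound to all interfaces while at least one account accepts logins without a credential from any source address.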

In light of the database exposure, DeepSeek took immediate steps to secure its information. However, the situation has attracted the attention of fraudsters who are creating fake cryptocurrencies and distributing malware using counterfeit websites that mimic DeepSeek.

One such fraudulent token, misleadingly named after DeepSeek and based on the Solana blockchain, reportedly achieved a market capitalization of approximately $49 million within a few days. However, this figure plummeted to around $4 million shortly thereafter. Another clone token saw short-lived success, reaching a market cap of $13 million before collapsing to $2 million.

DeepSeek has publicly distanced itself from these fraudulent activities, emphasizing that it has not launched any cryptocurrencies. The company urged the public to remain vigilant against scams and confirmed that its only official communication is through its verified social media accounts.

Despite the company's reassurances, it appears that DeepSeek's security measures were not only deficient regarding the exposed database but also insufficient in protecting its web presence. Cybercriminals have registered domain names resembling DeepSeek under various top-level domains (TLDs) such as .ai, .org, .app, and .top, allowing them to create counterfeit websites that may spread malware.

In addition to these security breaches, DeepSeek has faced cyberattacks that have affected the performance and availability of its services. Although the company has implemented several countermeasures to restore account registration capabilities, the incidents have raised significant concerns regarding its cybersecurity posture.

As the situation unfolds, users are advised to stay informed and exercise caution, particularly in light of the ongoing risks associated with fraudulent activities and data breaches.

