The AI world can’t stop talking about DeepSeek, the viral chatbot app that’s rocketed to the top of mobile download charts. But behind the buzz lies a serious issue—your privacy may be more at risk than you think.
According to a February report by mobile security firm NowSecure, DeepSeek suffers from multiple critical security flaws that could leave user data wide open to exploitation. While it may be the latest must-try AI tool, security experts are urging caution before you engage with the app.
What’s Wrong With DeepSeek? NowSecure Flags Major Privacy Concerns
NowSecure’s technical analysis reveals several alarming issues that undermine DeepSeek’s trustworthiness when it comes to handling your personal information. Here’s a breakdown of the most serious problems:
Unencrypted Data Transmission
DeepSeek sends sensitive user data over the internet without encryption, making it easy for attackers to intercept or alter it. This leaves you vulnerable to man-in-the-middle (MITM) attacks, where hackers can eavesdrop or manipulate the information exchanged between you and the app.
Weak and Hardcoded Encryption Keys
The app uses outdated Triple DES encryption—a legacy method considered insecure by modern standards. Even worse, initialization vectors are reused, and encryption keys are hardcoded into the app, violating basic cybersecurity principles. This makes it trivial for skilled attackers to decrypt sensitive information.
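To show why a reused initialization vector matters, here is an added illustration (not code from the app or from NowSecure's report): with a fixed key and a fixed IV, two messages that start the same way produce identical leading ciphertext blocks, so an observer learns which messages share a prefix without knowing the key. Assumptions: CBC mode, a small stand-in 64-bit Feistel cipher in place of Triple DES so the example needs only the standard library, and a constructed key and messages.

```python
import hashlib
import os

BLOCK = 8  # 64-bit block, the same block size Triple DES uses

def round_fn(half: bytes, key: bytes, i: int) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def encrypt_block(block: bytes, key: bytes) -> bytes:
    # Stand-in 4-round Feistel permutation (assumption: NOT real Triple DES).
    left, right = block[:4], block[4:]
    for i in range(4):
        mixed = bytes(a ^ b for a, b in zip(left, round_fn(right, key, i)))
        left, right = right, mixed
    return left + right

def cbc_encrypt(plaintext: bytes, key: bytes, iv: bytes) -> bytes:
    pad = BLOCK - len(plaintext) % BLOCK          # PKCS#7-style padding
    data = plaintext + bytes([pad]) * pad
    prev, out = iv, b""
    for off in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[off:off + BLOCK], prev))
        prev = encrypt_block(mixed, key)          # each block chains on the last
        out += prev
    return out

def shared_prefix_blocks(c1: bytes, c2: bytes) -> int:
    # Number of leading ciphertext blocks that are byte-for-byte identical.
    n = 0
    for off in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[off:off + BLOCK] != c2[off:off + BLOCK]:
            break
        n += 1
    return n

# Constructed sample values, not taken from the app or the report.
HARDCODED_KEY = b"constructed-demo-key"
FIXED_IV = bytes(BLOCK)
MSG_A = b'{"user":"alice","pw":"hunter2"}'
MSG_B = b'{"user":"alice","pw":"s3cret!"}'

if __name__ == "__main__":
    reused = shared_prefix_blocks(cbc_encrypt(MSG_A, HARDCODED_KEY, FIXED_IV),
                                  cbc_encrypt(MSG_B, HARDCODED_KEY, FIXED_IV))
    fresh = shared_prefix_blocks(cbc_encrypt(MSG_A, HARDCODED_KEY, os.urandom(BLOCK)),
                                 cbc_encrypt(MSG_B, HARDCODED_KEY, os.urandom(BLOCK)))
    print(f"reused IV: {reused} identical leading blocks; fresh IVs: {fresh}")
```

A fresh random IV per message removes only the repetition; a key shipped inside the app remains readable by anyone who has the app, so it also has to move into platform key storage or be derived per user.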
Insecure Data Storage
Usernames, passwords, and encryption keys are all stored insecurely within the app. This creates a high risk of credential theft, potentially exposing your login credentials to bad actors.
Why This Matters: DeepSeek’s Popularity Makes It a Bigger Target
With millions of downloads and rapidly growing popularity, DeepSeek has become a magnet for attention—not just from users, but from hackers as well. In the world of cybersecurity, popular apps with weak protections are low-hanging fruit for attackers looking to exploit flaws at scale.
NowSecure’s findings raise serious red flags, especially since many users may not realize the risks they’re taking just by logging in. Apps that handle sensitive data, especially those using AI chat models, must follow industry best practices. Unfortunately, DeepSeek falls short in key areas, putting user data at unnecessary risk.
Still Want to Try DeepSeek? Here’s How to Protect Yourself
If you’re curious about DeepSeek but want to stay safe, there are a few practical steps you can take to minimize your exposure:
1. Don’t Share Personal or Sensitive Data
Treat DeepSeek like a public forum—never input private information, including names, addresses, passwords, or anything else you wouldn’t want leaked. With the app’s known vulnerabilities, what you type could potentially be intercepted.
2. Use a Unique Username and Password
Since DeepSeek doesn’t store credentials securely, it’s vital to create a unique login that you don’t use anywhere else. Reusing the same password across multiple accounts could result in a domino effect if your credentials are compromised.
3. Avoid Installing on Sensitive Devices
Do not use DeepSeek on work, government, or enterprise devices. If you’re handling confidential data or have privileged access to systems, steer clear. Any breach through DeepSeek could risk much more than your chatbot history.
There’s no denying that DeepSeek is one of the hottest AI apps right now, and its capabilities are impressive. But security should never be an afterthought, especially when an app deals with your personal data.
Thanks to NowSecure’s in-depth report, we now know that DeepSeek’s current security practices are seriously lacking—from unencrypted traffic to flawed encryption techniques and unsafe data storage.
If you do choose to use DeepSeek, do so with your eyes open. Use strong, unique credentials, avoid typing anything sensitive, and most importantly, keep it off your most important devices.