DeepSeek Exposes Major Cybersecurity Blind Spot – Source: www.securityweek.com

The buzzword of this month is DeepSeek. The emergence of this Chinese AI company, which reportedly developed its R1 chatbot at a fraction of the cost of competitors like OpenAI’s ChatGPT and Google’s Gemini, sent ripples through the U.S. tech stock market and sparked discussions on AI infrastructure costs and competitiveness. However, a more alarming issue emerged, as millions of uninformed users, including government employees, flocked to DeepSeek’s website, registering and sharing personal information without considering security or privacy risks. This lack of caution is common when it comes to social media and Internet apps. Despite security awareness training, users often drop their guard when engaging with these platforms, making them prime targets for cyber adversaries. Attackers exploit the data harvested from these applications to lay the foundation for sophisticated cyberattacks.

Many users are blinded by the immediate benefits of new platforms like DeepSeek, disregarding privacy policies upon signing up. If they did review these policies, they would realize DeepSeek collects a vast array of data—far surpassing even TikTok, a known national security concern. In addition to user input (text, audio, chat history, and uploaded files), DeepSeek automatically collects IP addresses, unique device identifiers, device model and operating system, keystroke patterns or rhythms, system language, as well as user IDs and cookies. Much of this data is unnecessary for AI query purposes, raising significant privacy concerns.

The Threat of Social Media and Internet Apps

Social media and Internet apps present a major blind spot in cybersecurity. Because these platforms often display user posts publicly, attackers can silently gather data without the user’s knowledge. Information shared on social media can be exploited to guess passwords, impersonate individuals, or craft targeted phishing attacks.

Attackers often target businesses, as they offer higher rewards. A common attack strategy involves:

1. Target Selection – Reviewing LinkedIn for high-value corporate employees and low-privilege users who may be more susceptible to social engineering.
2. Data Collection – Scouring social media for personal details such as pet names, favorite sports teams, or education history—clues that can be used to guess passwords or answer security questions.
3. Attack Execution – Deploying phishing emails, brand impersonation, malware, and social engineering tactics to gain access to credentials, leading to potential data breaches.

How to Minimize Risk Exposure

To reduce security risks associated with social media and Internet apps, follow these key measures:

• Study Privacy Policies
  • Review the service provider’s privacy policy to assess what data is collected and conduct a risk evaluation.
• Strengthen Account Security
  • Use strong, unique passwords for each account.
  • Enable multi-factor authentication (MFA) whenever possible.
  • Avoid sharing login credentials.
  • Regularly update passwords and security questions.
• Protect Personal Information
  • Limit personal details shared online, especially when interacting with AI-driven platforms.
  • Adjust privacy settings to control who can view your information.
  • Disable location sharing when unnecessary.
  • Avoid posting sensitive details such as addresses, phone numbers, financial data, or business IP.
• Be Cautious of Phishing and Scams
  • Avoid clicking on suspicious links in emails or messages.
  • Verify the authenticity of friend requests and direct messages.
  • Be alert to fake profiles and impersonators.
• Review App Permissions
  • Download apps only from trusted sources (Google Play Store, Apple App Store).
  • Regularly review and adjust app permissions (e.g., camera, microphone, location access).
  • Revoke access to unused apps.
• Keep Software Updated
  • Regularly update social media apps and devices to patch security vulnerabilities.
  • Install security updates for your operating system and browser.
• Monitor Account Activity
  • Check account activity and login history for unauthorized access.
  • Enable notifications for unrecognized logins or security breaches.
• Use Secure Messaging and Encryption
  • Use end-to-end encrypted messaging apps like Signal or WhatsApp.
  • Avoid sharing sensitive data through social media chats.

By implementing these measures, users can significantly reduce their risk exposure and better protect their personal and professional information from cyber threats.