Nearly 100K ChatGPT Chats Exposed on Google Search

A significant privacy lapse has come to light, revealing that nearly 100,000 conversations conducted on OpenAI’s ChatGPT were indexed by Google and other search engines, making them publicly searchable. This exposure, initially reported by Fast Company and further detailed by 404Media.co, stemmed from a “sharing feature” designed to allow users to generate links to their conversations, which inadvertently exposed sensitive personal and professional data to the open web.

The issue arose from a “Make this chat discoverable” checkbox presented to users when they opted to share a ChatGPT conversation. While the feature included fine print indicating that the chat could appear in search results, many users reportedly clicked this option without fully understanding the implications of public exposure. The result was a vast dataset of conversations, scraped by a researcher, that OpenAI did not dispute to be around 100,000 indexed chats.

The exposed data is alarmingly diverse and sensitive. It includes alleged texts of non-disclosure agreements, discussions of confidential contracts, deeply personal relationship issues, mental health confessions, workplace grievances, details about drug use and sex lives, and even job applications. Some indexed chats contained full names, locations, contact information, job titles, company names, and internal processes, turning private exchanges into potential open-source intelligence (OSINT) goldmines for malicious actors or competitors.

In response to the widespread concern and media attention, OpenAI’s Chief Information Security Officer (CISO), Dane Stuckey, announced on X (formerly Twitter) that the company had removed the “discoverability feature” entirely. OpenAI described it as a “short-lived experiment” intended to help users discover useful conversations. The company is now working with search engines to de-index the shared chats, though it acknowledged that cached versions might remain visible for some time.

This incident underscores critical challenges in AI governance and data hygiene as generative AI tools become increasingly integrated into daily workflows. It highlights the paramount importance of clear, unambiguous user interface design and robust privacy defaults to prevent unintentional data exposure. The rapid response from OpenAI, pulling the feature within hours of the backlash, suggests a recognition of the severity of the breach of user trust.

For users concerned about their data, it is advised to check if any of their conversations have been indexed by performing a Google search using “site:chatgpt.com/share” followed by their name or unique terms from their chats. Users can delete any shared links they no longer wish to be public by navigating to their ChatGPT settings, then “Data Controls,” and finally “Shared Links.” Furthermore, the incident serves as a stark reminder to exercise caution when sharing any sensitive information with AI chatbots, treating such interactions as potentially permanent digital records.