ChatGPT Just Leaked Your Private Chats. Here’s How Bad It Got

Your ChatGPT conversations weren’t as private as you thought. For months, deeply personal prompts have been spilling into Google Search Console, exposing relationship advice, business secrets, and other sensitive chats to random website owners.

This isn’t your typical data leak. It’s weirder and potentially more invasive than anything we’ve seen from OpenAI before.

Personal Conversations Showed Up in Analytics Tools

Google Search Console (GSC) is supposed to show website traffic data. Simple keywords. Short search phrases. Boring analytics stuff.

Instead, starting in September, site managers found something completely unexpected. Long strings of text appeared in their reports, sometimes exceeding 300 characters. These weren’t search queries. They were actual ChatGPT prompts from real users.

Jason Packer, who runs analytics firm Quantable, spotted the problem first. One leaked prompt showed someone asking ChatGPT to analyze whether a boy who teased her had romantic feelings. Another revealed an office manager sharing confidential business information while planning a return-to-office announcement.

Those were just two examples. Packer reviewed 200 leaked prompts on a single website. Some were “pretty crazy,” he told reporters.

Nobody Clicked Share This Time

Remember when ChatGPT conversations appeared in Google’s search results back in August? OpenAI claimed users had clicked a sharing button, making those chats public. The company later scrambled to remove them after backlash.

This leak is different. Users didn’t share anything intentionally. They typed prompts into ChatGPT expecting privacy. Those conversations leaked anyway.

Plus, there’s no way to remove these leaked chats from Google Search Console. Unlike the previous scandal, affected users can’t undo the damage.

Evidence Points to OpenAI Scraping Google

Packer teamed up with web consultant Slobodan Manić to investigate. Together, they discovered something troubling.

Every leaked query in GSC started with “https://openai.com/index/chatgpt/” appended to the user’s actual prompt. Google apparently tokenized this URL, breaking it into searchable keywords: “openai + index + chatgpt.”

Any website ranking highly for those terms in Google Search received the leaked prompts in their analytics. That created a trail showing OpenAI was potentially sending user prompts directly to Google.

Their testing revealed a buggy prompt box on ChatGPT’s website. When users entered queries there, the page URL got added to their prompt. Then ChatGPT performed a web search using Google, accidentally sending the entire string to Google Search Console.

“We know it must have scraped those rather than using an API or some kind of private connection—because those other options don’t show inside GSC,” Packer explained. That means OpenAI likely shared every prompt requiring a Google search with multiple parties: Google itself, whoever handles OpenAI’s scraping, and websites appearing in search results.

Yikes.

OpenAI’s Vague Response Leaves Questions

OpenAI acknowledged awareness of the issue. The company claims it “resolved” a glitch “that temporarily affected how a small number of search queries were routed.”

But that statement raises more questions than it answers.

How many users were affected? OpenAI won’t say. The company serves 700 million ChatGPT users weekly. Even a “small number” from that user base could represent thousands or millions of leaked conversations.

Did OpenAI stop scraping Google entirely? Or just fix the specific routing bug? The company declined to clarify.

Were prompts entered through other ChatGPT interfaces also affected? No response.

The lack of transparency is frustrating. Users deserve to know if their private conversations leaked and what exactly OpenAI fixed.

Privacy Takes a Backseat to Growth

This incident reveals OpenAI’s priorities. The company apparently scraped Google search results to enhance ChatGPT responses about current events. That makes sense for maintaining engagement and competing with Google’s own AI products.

But at what cost to user privacy?

OpenAI moved fast to add features like real-time search. The company seemingly didn’t consider privacy implications or didn’t care enough to prevent leaks before launching.

Manić pointed out another concern. OpenAI’s scraping might contribute to “crocodile mouth” in Google Search Console, a troubling trend where impressions spike but clicks drop. That affects website owners’ ability to understand their actual traffic.

What This Means for ChatGPT Users

Assume your prompts aren’t fully private. Especially if you’re asking ChatGPT questions about current events, news, or anything requiring real-time information.

Those searches likely ping Google. And while OpenAI claims it fixed the routing bug, we don’t know if it stopped scraping entirely.

Be careful what you share with AI chatbots. Don’t include identifying information, sensitive business data, or deeply personal details unless you’re comfortable with potential exposure.

OpenAI’s track record on privacy doesn’t inspire confidence. This is the second major leak in six months. The company’s rapid development pace clearly prioritizes features over safeguards.

The Bigger Picture Nobody Talks About

AI companies scrape vast amounts of data to train and improve their models. That’s well-known. But this leak suggests OpenAI is also sending user prompts to external services in real-time.

That’s a different ballgame. It means your conversations potentially touch multiple systems and companies beyond OpenAI’s control.

Google declined to comment on whether it knew OpenAI was scraping its search results or sending user prompts through its systems. That silence is telling.

Meanwhile, website owners using Google Search Console had no idea they were receiving leaked ChatGPT conversations. They became unwitting witnesses to other people’s private chats through no fault of their own.

The entire situation feels like a preview of AI privacy challenges ahead. As these tools become more integrated into our daily lives, the lines between private conversations and scraped data blur further.

OpenAI resolved this particular bug. But the company’s rushed approach to development suggests more privacy incidents are inevitable. Users should adjust their expectations accordingly.

Your ChatGPT prompts might not stay between you and the chatbot. That’s the uncomfortable reality we’re learning to live with.