Google indexing shared ChatGPT links, exposing sensitive user data

Update: OpenAI has since disabled the public discoverability of shared chats. Read the follow-up story – ChatGPT kills Google-indexable chats over privacy fears

Thousands of ChatGPT conversations – including prompts, AI-generated responses, and potentially sensitive information – are appearing in Google Search results due to the platform’s shared link feature, raising serious privacy and security concerns.

Google has been indexing ChatGPT shared links for all users except those on ChatGPT Enterprise. This means that any conversation shared using OpenAI’s “Share” feature could become publicly accessible and discoverable through simple search queries.

What’s Being Exposed?

A search using site:chatgpt.com/share +[keyword] reveals numerous shared interactions containing confidential or identifying information – such as internal business strategies, personal names, roles, and even client data. One such indexed chat reportedly included a Deloitte senior consultant’s name, age, and job description.

These exposures occur when users unknowingly enable the “share” feature, which generates a public link. If this link is posted or accessible anywhere Google can crawl, it gets indexed.

“If the public, shared link is placed anywhere Google can see it, it will index it”, said Christopher Penn, co-founder of TrustInsights.ai, in a LinkedIn post.

Why This Matters

The incident is a stark reminder for marketers, SEO professionals, and corporate teams who use generative AI tools in content development, messaging, and strategic planning. Shared chats can inadvertently reveal:

• Proprietary marketing strategies
• Client names or project details
• Internal messaging drafts
• Research and development ideas

With Google now crawling these links, competitors or malicious actors could potentially mine ChatGPT conversations for business intelligence or intellectual property.

Olaf Kopp, co-founder of Aufgesang GmbH, warned users to avoid interacting with shared chats due to prompt injection risks:

• “Check your shared links and delete them. Go to Settings -> Data Controls -> Shared Links -> Manage. Prevent your chats from being shared and indexed!”

While currently only a few thousand chats appear to be indexed, the risk is far-reaching.

What You Should Do

• Audit shared links: Review your ChatGPT shared conversations.
• Search your brand: Use site:chatgpt.com/share + your company or personal name to check for exposure.
• Educate teams: Ensure staff understand the privacy implications of sharing AI-generated content.
• Limit sharing: Use on-premise or private AI deployments for sensitive data workflows.

This event highlights growing concerns around AI governance, data hygiene, and digital privacy in professional environments. As generative AI tools become standard in daily operations, organizations must establish strict protocols to prevent leaks – intentional or accidental.