
A ChatGPT feature that enabled public sharing accidentally exposed thousands of conversations through search engines. Experts say sensitive information was retrievable with basic dork commands even without a ChatGPT account.
OpenAI introduced a “Make link discoverable” option as part of its Shared Chats functionality. This toggle allowed users to publish conversations to a public URL that could also be indexed by Google and other major search engines.
Shared ChatGPT conversations became publicly accessible through dork-style queries such as:
site:chatgpt.com/share "API"
site:chatgpt.com inurl:/share
These queries revealed thousands of conversations, some of which included private reflections, mental health topics, workplace issues, internal documents, and business strategies.
Sensitive information, including personal identifiers, internal documents, job applications, business plans, and technical code, became visible in search results with no clear warning to users, according to a recent Binance report.
OpenAI did not initially implement a “noindex” directive, a standard privacy safeguard that would have prevented crawlers from including these pages in public search indexes. The safeguard was missing at launch.
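A check a platform operator could run against its own public share pages to confirm the noindex safeguard is present, as an added example (not code from OpenAI or from this report). It reads both places the directive can appear, the X-Robots-Tag response header and the robots meta tag; the sample responses are constructed and the function names are hypothetical.

```python
from html.parser import HTMLParser

BLOCKING = {"noindex", "none"}  # "none" is shorthand for "noindex, nofollow"
# Directives that carry their own "name: value", so a colon is not a crawler scope.
VALUED = {"unavailable_after", "max-snippet", "max-image-preview", "max-video-preview"}

class RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots" content="..."> tags."""
    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").strip().lower() == "robots":
            self.directives |= split_directives(a.get("content", ""))

def split_directives(value):
    return {d.strip().lower() for d in value.split(",") if d.strip()}

def header_directives(headers):
    """Directives from X-Robots-Tag headers that apply to all crawlers."""
    found = set()
    for name, value in headers:
        if name.lower() != "x-robots-tag":
            continue
        head, sep, _ = value.partition(":")
        if sep and "," not in head and head.strip().lower() not in VALUED:
            continue  # e.g. "googlebot: noindex" binds one crawler only
        found |= split_directives(value)
    return found

def is_indexable(headers, html):
    """True if nothing tells every crawler to keep the page out of its index."""
    meta = RobotsMeta()
    meta.feed(html)
    return not (BLOCKING & (header_directives(headers) | meta.directives))

# Constructed sample responses for a hypothetical public share page.
NO_DIRECTIVE = ([("Content-Type", "text/html")], "<html><head><title>Shared chat</title></head></html>")
META_NOINDEX = ([("Content-Type", "text/html")], '<html><head><meta name="robots" content="noindex, nofollow"></head></html>')
HEADER_NOINDEX = ([("X-Robots-Tag", "noindex")], "<html><head></head></html>")
ONE_BOT_ONLY = ([("X-Robots-Tag", "googlebot: noindex")], "<html><head></head></html>")

if __name__ == "__main__":
    for label, (h, body) in [("no directive", NO_DIRECTIVE), ("meta noindex", META_NOINDEX),
                             ("header noindex", HEADER_NOINDEX), ("googlebot only", ONE_BOT_ONLY)]:
        print(f"{label:15} indexable={is_indexable(h, body)}")
```

A directive scoped to a single crawler is reported as still indexable, because other search engines are not bound by it.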
In exclusive responses to TechNadu, Sofia Scozzari, CEO and Founder of HackManac, confirmed, “Search engines (Google, but also others like Brave, Yahoo, DuckDuckGo, Bing…) were indexing shared conversations on ChatGPT. This was only valid for conversations shared using ChatGPT's ‘Share’ feature and only when enabling the option ‘Make Link Discoverable’.”
“These conversations could easily be found using a simple dork (site:chatgpt.com/share ‘API’). After news of this surfaced, Google began de-indexing the pages, disabling the dork temporarily. But later, some users found the conversations still accessible using other queries, such as: (site:chatgpt.com inurl:/share).”
“The initial searches revealed thousands of publicly indexed chats, many of them containing very delicate content like traumas, mental health problems, or work-related discussions.”
This means anyone who had the link or could run a simple search could view the shared conversation, even if it contained personal or confidential data.
According to HackManac, even after a shared link is deleted, the content may still be visible in search engine indexes. “While the chat owner's name is not displayed, any sensitive information typed in the conversation remains visible.”
Binance also added that users were not properly informed of what activating the toggle would do to their data.
After initial public disclosures, including HackManac’s post on X, OpenAI removed the 'Make Link Discoverable' feature entirely. The removal happened shortly after researchers flagged the issue and public concern grew.
OpenAI is now working with search engines like Google to de-index exposed conversations, but many remain publicly visible at the time of reporting.
While the feature was opt-in, the lack of clear labeling, missing privacy safeguards, and inadequate user awareness led to widespread accidental exposure. The incident has raised renewed questions about user privacy in AI platforms.
In December 2024, OpenAI was fined €15 million by Italian regulators for GDPR violations and data handling deficiencies, further illustrating regulatory concerns around transparency and data privacy.