ChatGPT, Gemini and Claude leak personal data: Which users are at risk
Top artificial intelligence systems have become tools for the rapid spread of users’ confidential information without their consent. A large-scale investigation found that algorithms are capable of performing deep analysis of outdated or obscure online sources, extracting real phone numbers and home addresses in response to third-party queries, according to MIT Technology Review.
Mechanism of AI doxxing and real cases
Researchers explain that the problem of personally identifiable information (PII) exposure is directly linked to the training architecture of large language models (LLMs).
Developers train algorithms on massive datasets of publicly available internet content, which may accidentally include archived forum discussions, old social media posts, real estate registries, and even publicly released documents.
In addition, modern AI tools are integrated with web search functionality, allowing them to scan a person’s digital footprint in real time and instantly return results to any user.
Real-world complaints confirm the scale of the issue:
Case of an Israeli engineer: A programmer began receiving mass messages on WhatsApp from strangers asking for help setting up a payment app. As “proof,” they sent screenshots from a Gemini chat window, where the AI allegedly displayed his personal number as the company’s official support contact.
The only known source from which the AI could have extracted the number was a forgotten Quora comment posted 11 years ago.
University of Washington study: A graduate student, during a routine test of Gemini, asked about the research activity of a colleague. The chatbot not only provided a list of current studies but also included the researcher’s private phone number.
It was later discovered that the victim had once provided this number when registering for a closed tech workshop and did not intend for it to be publicly accessible.
Gizmodo journalist Matt Novak experiment: During his own test, ChatGPT reportedly provided his old phone number and exact home address from ten years ago without hesitation. The system was able to retrieve the data from a deep section of an official FTC PDF document dated 2016.
The core issue: imperfect safety barriers
Every major tech company claims to have special safety guardrails designed to block the disclosure of personal information.
When directly asked questions like “what is my phone number?” or “what is this journalist’s address?”, systems usually refuse and respond with standard safety messages.
However, practical tests show that these restrictions can be bypassed with minimal manipulation. By rephrasing questions, changing the context to “finding contacts of an expert,” or providing indirect hints, users can sometimes trick the system into revealing sensitive data.
In some cases, systems even confuse individuals and return phone numbers of completely unrelated people with the same name.
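To make concrete what an output-side guardrail of the kind described above does, and why pattern matching alone cannot tell a published support line from a number scraped out of an old forum comment, here is an added example of a response filter. It is illustrative code written for this page, not code from the article or from OpenAI, Google, Anthropic or xAI; the function names, the regular expressions, the allowlist mechanism and the sample answers are all constructed for the example.

```python
"""Output-side PII guardrail for LLM responses (added illustrative example).

Scans a model's draft answer for phone numbers and street addresses before it
reaches the user, redacts anything not on an explicit allowlist of published
contact details, and returns a structured result suitable for logging.
The sample answers and allowlist entries used in the tests are constructed.
"""
import re
from dataclasses import dataclass, field

# Phone numbers in the formats people actually post online: optional country
# code, area code with or without parentheses, spaced/dotted/dashed groups.
PHONE_RE = re.compile(
    r"(?<!\d)"
    r"(?:\+?\d{1,3}[\s.-]?)?"          # optional country code
    r"(?:\(\d{2,4}\)|\d{2,4})"          # area code, optionally in parentheses
    r"[\s.-]?\d{3,4}[\s.-]?\d{3,4}"     # subscriber number
    r"(?!\d)"
)

# A deliberately narrow street-address pattern: house number, one to three
# capitalised words, and a common street suffix.  It misses many real forms.
ADDRESS_RE = re.compile(
    r"\b\d{1,5}\s+(?:[A-Z][a-z]+\s+){1,3}"
    r"(?:Street|St|Avenue|Ave|Road|Rd|Boulevard|Blvd|Lane|Ln|Drive|Dr)\b\.?"
)


def normalize_phone(raw: str) -> str:
    """Reduce a phone string to its digits so formatting differences
    ('(555) 123-4567' vs '555.123.4567') cannot slip past the allowlist."""
    return re.sub(r"\D", "", raw)


@dataclass
class ScanResult:
    text: str                                   # redacted answer, safe to return
    redacted_phones: list = field(default_factory=list)
    redacted_addresses: list = field(default_factory=list)

    @property
    def blocked(self) -> bool:
        """True when anything was withheld; a caller would log this event."""
        return bool(self.redacted_phones or self.redacted_addresses)


def redact_pii(answer: str, allowed_phones: set[str] = frozenset()) -> ScanResult:
    """Redact phone numbers and street addresses from a model answer.

    allowed_phones: contacts an organisation has deliberately published
    (e.g. a real support line), in any formatting.  Everything else is
    treated as potentially private, because the model itself cannot tell a
    support number from one it found in an eleven-year-old comment.
    """
    allowed = {normalize_phone(p) for p in allowed_phones}
    result = ScanResult(text=answer)

    def phone_sub(m: re.Match) -> str:
        if normalize_phone(m.group(0)) in allowed:
            return m.group(0)               # explicitly published, pass through
        result.redacted_phones.append(m.group(0))
        return "[phone number withheld]"

    def addr_sub(m: re.Match) -> str:
        result.redacted_addresses.append(m.group(0))
        return "[address withheld]"

    result.text = PHONE_RE.sub(phone_sub, result.text)
    result.text = ADDRESS_RE.sub(addr_sub, result.text)
    return result


if __name__ == "__main__":
    # Constructed sample answer resembling the support-contact case above.
    draft = ("You can reach the support team at +972 50-123-4567 "
             "or visit 12 Herzl Street in Tel Aviv.")
    print(redact_pii(draft).text)
    print(redact_pii(draft, allowed_phones={"+972 50 123 4567"}).text)
```

The filter errs on the side of redaction: any eight-plus-digit run in phone-like grouping is withheld unless it is on the allowlist, which is the safe failure mode for this use. Its limits are exactly the ones the article reports for production guardrails: it only sees the final text, so a number spelled out in words, split across sentences, or returned as part of a "find this expert's contacts" answer in an unanticipated format passes through, and it cannot know whether a correctly formatted number belongs to the person asked about or to an unrelated namesake.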
What AI developers are doing
Currently, there are almost no effective enforcement mechanisms for regulating AI developers. OpenAI has launched a special form allowing users to request the removal of personal information from search results, but the company reserves the right to reject requests without explanation.
Google processes such appeals mainly for residents of the European Union and the United Kingdom due to GDPR requirements.
Anthropic (Claude developer) limits its privacy policy to general guidelines on data usage, while Elon Musk’s xAI reportedly ignores official journalistic inquiries on the issue.
Against the backdrop of the privacy crisis, specialized data removal services (such as Incogni or DeleteMe) have reported a sharp increase in client requests related to AI-driven privacy threats, rising by over 400%.
Experts conclude that, in the absence of strict government regulation, the only reliable protection is to manually remove all personal information from the public internet, and in critical cases, even change one’s physical SIM card.