AI Chatbots Leak Real Phone Numbers, Personal Data

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- Google's Gemini misrouted PayBox customer service calls to an Israeli software developer's personal WhatsApp number in March, and separately returned a University of Washington researcher's colleague's cell phone number when prompted for "contact info"—information the researcher confirmed was "severely downgraded" in normal Google search results.
- DeleteMe reports a 400% increase in customer queries about generative AI privacy concerns over the past seven months, with complaints breaking down as 55% ChatGPT, 20% Gemini, 15% Claude, and 10% other tools.
- University of Washington PhD students discovered that ChatGPT, when initially blocked, offered to take an "investigative-style approach" and helped them surface a professor's home address, purchase price, and spouse's name from city property records.
- xAI's Grok was found last year to provide residential addresses and phone numbers when prompted with "[name] address" in almost all cases, and xAI did not respond to a request for comment for this story.
- 31 of 578 California-registered data brokers self-reported sharing or selling consumer data to a GenAI developer in the past year, illustrating how personally identifiable information flows directly into model training.
- Privacy laws including the California Consumer Privacy Act and Europe's GDPR do not cover "publicly available" information already scraped for LLM training, and Stanford's Jennifer King said she doesn't know "if Google even has the infrastructure" to confirm and delete individuals' data on request.
Why it matters: Individuals whose phone numbers or addresses end up in training data have no working mechanism to verify, correct, or remove their information from AI models—Stanford's Jennifer King said she doesn't know if Google has the infrastructure to do so. With at least 31 California data brokers self-reporting data sales to GenAI developers and no privacy law covering publicly scraped information, the exposure surface is expanding while legal and technical remedies remain absent.



