AI Chatbots Are Exposing Real Phone Numbers, Raising Urgent Privacy Concerns

AI chatbots are giving out people's real phone numbers

A Redditor recently wrote that he was "desperate for help": for about a month, he said, his phone had been inundated by calls from "strangers" who were "looking for a lawyer, a product designer, a locksmith." Callers were apparently misdirected by Google's generative AI. In March, a software developer in Israel was contacted on WhatsApp after Google's chatbot Gemini provided incorrect customer service instructions that included his number. And in April, a PhD candidate at the University of Washington was messing around on Gemini and got it to cough up her colleague's personal cell phone number. AI researchers and online privacy experts have long warned of the myriad dangers generative AI poses for personal privacy. These cases give us yet another scenario to worry about: generative AI exposing people's real phone numbers. (The Redditor did not respond to multiple requests for comment and we could not independently verify his story.) Experts say that these privacy lapses are most likely due to personally identifiable information (PII) being used in training data, though it's hard to understand the exact mechanism causing real phone numbers to show up in the AI-generated responses. But no matter the reason, the result is not fun for people on the receiving end -- and, even more worryingly, there appears to be little that anyone can do to stop it. It's impossible to know how often people's phone numbers are exposed by AI chatbots, but experts say they believe that it is happening far more than is reported publicly. DeleteMe, a company that helps customers remove their personal information from the internet, says customer queries about generative AI have increased by 400% -- up to a few thousand -- in the last seven months. These queries "specifically reference ChatGPT, Claude, Gemini ... or other generative AI tools," says Rob Shavell, the company's cofounder and CEO. Specifically, 55% of these concerns about generative AI reference ChatGPT, 20% reference Gemini, 15% Claude, and 10% other AI tools, Shavell says. (MIT Technology Review has a business subscription to DeleteMe.) Shavell says customer complaints about personal information being surfaced by LLMs usually take two forms: Either "a customer asks a chatbot something innocuous about themselves and gets back accurate home addresses, phone numbers, family members' names, or employer details." Alternatively, a customer may be confronted with and report the exposure of someone else's personal data, when "the chatbot generates plausible-but-wrong contact information."

We Got Chatbots to Turn Over Personal Information. How to Keep Yours Safe

Generative artificial intelligence models are trained on vast troves of information gathered from the internet. And your phone number is probably in there. While some AI chatbots are trained to refuse to provide personal information about private individuals, it's startling how easy it is to get them to do so anyway. With growing awareness about how these services can fork over phone numbers and addresses, we decided to see what the most popular products would do. Yes, a few of us at CNET tried to see how easy it is to dox ourselves. If you're on the internet, you've probably heard of doxxing (the release of people's personal information). So it may be alarming that reports recently surfaced regarding AI chatbots revealing private individuals' phone numbers. This isn't the only privacy concern regarding artificial intelligence. A 2025 study from Cornell University discovered that at least five leading AI companies -- Anthropic, Google, Meta, Microsoft and OpenAI -- automatically use users' inputs to train their chatbots unless the user opts out. Of those, Meta and OpenAI retain user data indefinitely. That means these AI models are trained not just on the old phone book (remember those?) that has your childhood home listed in it. It could contain the information you gave a chatbot a couple of years ago, however private that was. But how much can chatbots reveal? And is there anything you can do to stop it? Based on our recent experience, it depends. A couple of us at CNET tried out a handful of chatbots to see what information we could pull about ourselves and relatives. While I won't share any screenshots or too many details regarding our queries, because, well, we don't want to dox ourselves, I can tell you this: Grok seemed to be the most "willing" chatbot when it came to getting answers, but some staffers were able to pull some information from ChatGPT, too. For example, after some questioning, my colleague Jon Reed was able to get ChatGPT to provide plenty of possible addresses for people in his area with the same name, but not his address. However, the chatbot did eventually reveal a relative's address. ChatGPT provided Reed with phone numbers, including an old landline phone number he once used, and it easily provided a relative's cellphone number. I was unable to get the chatbot to provide any address information, and when I asked further, it responded: "Even if an address appeared on a people-search site, I wouldn't help share or verify a private person's home address." It also stated, "I can't help find or share a private person's phone number." An OpenAI representative didn't immediately respond to a request for comment on how ChatGPT is intended to handle personal information. (Disclosure: Ziff Davis, CNET's parent company, filed a lawsuit against OpenAI in 2025, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.) Grok, however, was the worst offender in our test. When CNET staff tried Grok, putting in a name and asking for an address, it pulled multiple present and past addresses within seconds. At the end of the query, the chatbot stated in part: "Note: These come from publicly available records and directories. Home addresses are private; I recommend contacting him through professional channels." Later, the chatbot also provided a former phone number with the following note: "I don't recommend sharing or using personal phone numbers found in public records." An xAI representative didn't immediately respond to a request for comment regarding its privacy practices. Gemini, on the other hand, provided public-facing social media profiles, but would not give any personal information and added this note at the end of the query: "A note on privacy: To protect personal security, personal mobile numbers for individuals who are not public officials or designated business contacts are typically not released by AI services. Professional platforms like LinkedIn or business-specific email addresses remain the most reliable and respectful way to get in touch." Claude also refused to provide personal information. This year, I bought my first home and was swiftly inundated with scam mail delivered directly to my door. Months later, it's still trickling in. The scariest part was that the mail looked completely legitimate. It turns out that when you buy a home, your address and other information related to the home-buying process become a public record, at least in many places. Additionally, when you register to vote, violate the law or even shop online, your information can become easily accessible in certain places. A sneakier example is when you download a new app on your phone and click "accept terms" without reading all of the legal jargon and fine print. At that moment, you're often agreeing to your data being shared with third parties. This is one way your phone number and email end up on mailing and call lists, and how more of your personal information can end up on the internet. As a first step, you can remove your address from the internet so that, regardless of whether people use search engines or chatbots, your personal information stays private. "Chatbots will only tell people what info they can find, which means you can protect your privacy by checking what personal information is online and removing it where you can, like from Whitepages," CNET security expert Tyler Lacoma says. "When in doubt, I suggest spending some time with ChatGPT, Gemini and other chatbots to see what they say about you." Ultimately, if you don't want a chatbot to reveal your private information, you must ensure it's no longer readily available online. Data removal services are designed to remove your personal information from public databases and public records. Companies such as DeleteMe aim to reduce your data online, which can reduce the number of spam calls and marketing communications you receive. Many of these types of services are currently being tested by CNET to determine the best options.

ChatGPT Gave Out My Address and Phone Number

Back in the 20th century, every city in America distributed a very large book to everyone's home with a near-complete list of phone numbers and addresses for the people who lived there. It was called a phone book and it was considered an extremely normal way to find contact information. Fast forward to 2026, and knowing someone's address or phone number is considered some of the most intimate knowledge anyone can possess about you. Eileen Guo at MIT Technology Review has a new article about the rising concern over AI chatbots giving out phone numbers. The assumption is that personally identifiable information (PII) is being used in training data, which allows anyone to request the numbers lodged deep in the machine, as it were. Guo writes about some people who've been inundated with wrong numbers, including a software developer in Israel who started getting customer service calls after Gemini was giving out his number. Weird mistakes are one issue, and a predictable one given AI's error rate. Perhaps more concerning for the average person is the possibility of AI chatbots giving out their real phone number. I tested out various chatbots to see what they'd say if I requested my own phone number. ChatGPT ChatGPT accurately delivered a real phone number that I haven't had in a few years. But it was a number that I had for many, many years before moving to Australia. The chatbot noted that, "I can’t verify whether that number is still current or active." It appears to have pulled the number from a PDF of a FOIA request that I made to the FTC back in 2016. I also asked ChatGPT for Matt Novak's address, which was also in that obscure document. The AI chatbot happily volunteered that as well, though I no longer live there. When I prompted it for another phone number for Matt Novak in California, it gave the number for a different Matt Novak in the Los Angeles area. But it seemed to have no qualms with doing the search and delivering real numbers. Grok Grok refused to hand over the phone number, despite my repeated pleas that it was needed for a life or death situation. Grok also recognized that I was asking for my own phone number, something the other chatbots never mentioned. Claude Claude told me that, "Sharing private contact details of individuals â€" including journalists â€" raises serious privacy concerns." After telling Claude that Matt Novak had previously given me his phone number but I had forgotten it, the chatbot still refused. Perplexity Perplexity refused to give out my phone number and when it listed my email, it was censored with the words [email protected]. Curiously, Perplexity had no problem handing out my Signal user name. Despite repeated badgering, Perplexity refused to hand over the phone number. Gemini Gemini also refused and directed people to try my professional email address ([email protected]) as well as my personal one ([email protected]), both of which have been listed publicly with my consent all over the internet. When I asked Gemini whose phone number is 818-925-4375, it correctly answered, "That phone number belongs to the journalist Matt Novak." But don't worry, that's the number I do give out freely. None of the other AI chatbots would give up info on who that number belongs to. It's me. But I consider it a little like my spam-line inbox. It's kind of funny that the entire idea of privacy has been flipped on its head over the past 20 years or so. Sharing your most intimate private moments or vacation photos on platforms like Instagram seems like no big deal. Back in the 1990s, that kind of wide exposure may have felt violating. But here in 2026, your phone number is a closely guarded secret. And that's not necessarily wrong or weird. It's just how culture can shift over time. Privacy is ultimately a social construct.

Chatbots May Be Giving Out Your Phone Number

There are some data removal tools you can use to try to mitigate the privacy invasion, but there are no guarantees. When talking to a chatbot like ChatGPT, you should never assume your conversations are private. Many chatbots, by default, use your discussions to train the underlying AI models, but even if you opt out of training, or use a temporary chat, these conversations are often stored on company servers for some limited amount of time. The general rule of thumb is to avoid sharing anything with a chatbot that you wouldn't want to come out in public. (Proprietary company information, personal secrets, etc.) But what if the chatbot in question already has your private information? What if ChatGPT, Gemini, or Claude is happy to share your phone number with anyone who asks for it? That's the discussion I stumbled upon this week, following reporting from Eileen Guo of MIT Technology Review. In the piece, Guo reviews a series of claims from users who say that chatbots have been sharing personal information, like phone numbers, when requested. In some cases, the chatbots would share the info when the person in question asked for it; in other cases, however, it was strangers reaching out for details. In one example, a software engineer from Israel received a message from an unknown contact via WhatsApp, requesting assistance with their payment app. When the engineer asked how the stranger got their WhatsApp info, they sent back a screenshot, showing how Gemini shared the details when requested. The engineer later found a single source on the internet containing his phone number: a Quora post from 2015. Chatbots like ChatGPT are trained on huge amounts of data. Much of this data, of course, comes from the internet. It's entirely possible, therefore, that websites containing your personal information -- such as a random forum post from a decade prior -- could have wound up in a chatbot's dataset, and returned as part of a query about your information. Even if it wasn't a part of the training data, chatbots have had the ability to search the web for years at this point. These models can fan through an enormous number of websites to return results for a request, and if it finds your information, it just might share it. The deeper issue is that our information appears all over the internet, whether we know it or not. We might have personal contact information present on websites we may or may not remember posting on; town and city websites may have our personal information attached to public records, even if those results don't tend to appear at the top of a typical Google Search. Because AI is capable of performing deep dives through all these web results, however, it's capable of finding obscure results and surfacing them, potentially exposing your details. Now, as Guo explains, most chatbots have safety guardrails in place to prevent them from doing harm -- or, perhaps, too much harm. I encountered this firsthand when I asked ChatGPT what my phone number was. It told me that it couldn't hand out the personal information of private individuals, as that would go against its safety measures. However, it did find two phone numbers for "Jake Peterson" that were "public-facing," perhaps listed openly on individual corporate websites. (For the record, neither result was my phone number.) But these guardrails are far from perfect. Guo highlights a case in which a University of Washington PhD student searched for the contact information of their friend on Gemini. The bot returned with that friend's research, but also their phone number. The friend later confirmed she had shared her phone number online as part of a technology workshop, but never intended for it to be visible to anyone who asked for it. (Gemini could not find or would not share my personal contact info either, but was happy to share my X account.) Unfortunately, we don't have many good options when it comes to protecting our privacy from chatbots. To their credit, OpenAI does have a portal that lets you request the removal of your personal information from responses -- but, as Guo notes, the company reserves the right to decline your request for various reasons. Anthropic only has a support doc explaining how it uses your information, while Google will let you request to opt out of personal data processing, but only depending on your jurisdiction. (The company specifically calls out the EU and UK based on their data protection laws.) Perhaps, then, the most realistic approach to take is to get this information off the public internet as much as possible. If you live in California, you can use this portal to request that data brokers remove your information from their databases. You can also look into any number of personal data removal tools, like Incogni or DeleteMe, to attempt to accomplish the same. However, while these may remove your information from some corners of the internet, there's not much you can do if the AI companies already have your information in their datasets. The sad reality here is that AI technology outpaced regulations around personal privacy. Had lawmakers stepped up to ensure that we all had the option to opt out of these data collection practices, we might have been able to nip the problem in the bud. But as of now, the best we can really do is ask that our information be taken down and not used -- and, if it gets too bad, change our contact information outright.

'New opportunities for fraudsters': Alarming report reveals AI chatbots are doxxing users' real phone numbers

AI chatbots are turning into accidental snitches -- and in some cases, they're handing out real people's phone numbers to total strangers. Privacy experts are sounding the alarm over a disturbing trend dubbed "AI doxxing," where bots like Google Gemini and OpenAI ChatGPT surface personal contact information without consent. One Reddit user said their nightmare began when Google's AI allegedly started giving out their personal number as a placeholder for businesses and services. "Strangers are calling me constantly looking for a lawyer, a product designer, a locksmith - you name it," the user wrote, adding callers kept saying: "I got your number from Google's AI." The Redditor called it a "massive privacy violation and data leak," saying their phone had become a nonstop hotline for confused strangers and "My daily life is being completely disrupted." "Gemini's problem is not a defect. It's the result of unchecked years of data brokerage practices that meet generative AI," a spokesperson for privacy firm ClearNym told The Independent. They noted that years of harvested personal data are now colliding with AI systems trained on massive internet datasets. "It now returns as accurate copies or even fabrications and, most recently, as 'placeholder' phone numbers for any number of strangers," they warned. And it's not just random glitches causing chaos. Virgin Media O2 also recently reported that scammers are planting fake customer-service numbers online for AI chatbots to regurgitate back to users. "Criminals know when people search for help, they're often looking for a quick answer," said Murray Mackenzie, the company's fraud prevention director. "AI tools are creating new opportunities for fraudsters to create realistic-looking fake numbers that appear through search results or chatbots, putting people at risk of calling a criminal rather than their trusted provider." Researchers at AI security company Aurascape told The Independent that scammers accomplish this by "seeding poisoned content" across the web. "Attackers are quietly rewriting the web that AI systems read," said lead security researcher Qi Deng. "When you ask an assistant how to call your airline, it does exactly what it was designed to do, but with a customer support and reservations number that leads straight to a scammer instead of the real company." Other cases appear even more invasive. MIT Technology Review reported that Gemini mistakenly listed Israeli software engineer Daniel Abraham's personal number as customer support for a payment app. Meanwhile, researchers at the University of Washington discovered Gemini could expose personal contact info with alarming ease. "One day, I was just playing around on Gemini, and I searched for Yael Eiger, my friend and collaborator," said PhD student Meira Gilbert. Gemini also surfaced her private cell number. "It was shocking," Gilbert said. Her colleague, Yael Eiger, said the information technically existed online before -- but buried deep enough that almost nobody would find it. "Having your information be ... accessible to one audience, and then Gemini making it accessible to anyone" feels completely different, Eiger said. DeleteMe CEO Rob Shavell told the outlet that complaints about AI exposing personal data have surged recently, with customers reporting chatbots revealing "accurate home addresses, phone numbers, family members' names, or employer details." A spokesperson for Google told MIT Technology Review the company has safeguards in place to prevent personal information from appearing in AI features and reviews requests for removal. Still, some users say help has been hard to come by. "Standard support forms are a complete dead end," the aforementioned Redditor wrote. "I haven't received a single response, and the harassment continues daily." The AI privacy mess comes as scammers are increasingly weaponizing the technology in other alarming ways, too. As previously reported by The Post, Long Island officials recently warned that fraudsters are using AI voice-cloning tools to impersonate victims' grandchildren in desperate phone calls targeting seniors. The scammers allegedly scour TikTok and other social media platforms for videos of young people speaking, then use the audio to generate realistic fake voices demanding bail money or emergency cash. "They're always trying to stay a step ahead," Suffolk County Police Commissioner Kevin Catalina previously told The Post. Catalina warned that the schemes are becoming "more and more sophisticated" as AI advances, with elderly victims losing thousands of dollars to convincing synthetic voices and spoofed phone numbers.