AI chatbots expose real phone numbers, creating significant privacy risks for individuals as personal contact information is increasingly surfaced by generative AI tools like Google Gemini and ChatGPT. Reports indicate a concerning trend where users’ private phone numbers, often scraped from obscure online sources, are being inadvertently shared by these advanced language models, leaving victims with little recourse.
The issue has come to light through multiple incidents, including a Redditor’s desperate plea for help after his phone was bombarded with calls from strangers seeking various professionals, all misdirected by Google’s generative AI. Similarly, a software developer in Israel received unsolicited WhatsApp messages after Gemini provided incorrect customer service instructions that included his personal number. Even a PhD candidate at the University of Washington managed to prompt Gemini into revealing her colleague’s private cell phone number, underscoring the pervasive nature of this privacy vulnerability.
Generative AI Exposes Personal Data
AI researchers and online privacy experts have consistently warned about the myriad dangers generative AI poses to personal privacy. These recent cases offer a tangible, troubling scenario: the inadvertent exposure of people’s real phone numbers. While the exact mechanisms causing these privacy lapses remain unclear, experts largely attribute them to personally identifiable information (PII) being incorporated into the vast datasets used for training these large language models (LLMs).
The scale of the problem is difficult to quantify precisely, but anecdotal evidence suggests it is far more widespread than publicly reported. DeleteMe, a company specializing in removing personal information from the internet, has observed a staggering 400% increase in customer queries related to generative AI over the past seven months. Rob Shavell, DeleteMe’s cofounder and CEO, notes that these queries specifically reference major AI tools like ChatGPT (55%), Gemini (20%), and Claude (15%).
“A customer asks a chatbot something innocuous about themselves and gets back accurate home addresses, phone numbers, family members’ names, or employer details.”
Shavell describes two common complaint scenarios: either a user finds their own accurate personal data, including phone numbers, surfaced by a chatbot, or they encounter a chatbot generating plausible-but-incorrect contact information for someone else. The experience of Daniel Abraham, the Israeli software engineer, perfectly illustrates the latter. He was contacted by a stranger asking for help with a payment app, only to discover Gemini had provided his personal WhatsApp number as the customer service contact for a company he doesn’t even work for.
Abraham’s personal number, it turned out, had been shared on a local Q&A site back in 2015, highlighting how seemingly innocuous, decades-old online data can resurface through AI. This phenomenon is exacerbated by the fact that LLMs are trained on immense volumes of web-scraped data, which inevitably includes hundreds of millions of instances of PII. As the demand for training data grows and public data sources become scarce, AI companies are increasingly turning to data brokers and people-search websites, further increasing the likelihood of PII leakage.
The Challenge of Imperfect Safeguards
While AI developers implement guardrails and content filters to prevent chatbots from releasing PII, these safeguards are proving imperfect. The University of Washington PhD students, Meira Gilbert and Yael Eiger, experienced this firsthand when Gilbert prompted Gemini for Eiger’s contact information and received her personal phone number. Eiger had shared her number online for a workshop, but the widespread accessibility through Gemini felt fundamentally different.
“Having your information be… accessible to one audience, and then Gemini making it accessible to anyone” feels completely different.
The ability of models to memorize and reproduce data verbatim from their training sets, as recent research suggests, means that even less frequently appearing data can be recalled. This inherent characteristic of LLMs presents a formidable challenge to privacy, making it incredibly difficult to prevent the exposure of sensitive information once it has entered the training ecosystem.
The growing incidents where AI chatbots expose real phone numbers underscore a critical and immediate threat to personal privacy in the age of generative AI. As these powerful tools become more integrated into daily life, the urgent need for robust data governance, enhanced PII filtering mechanisms, and greater transparency from AI developers is paramount to protect individuals from unwanted exposure and potential harassment. Without effective solutions, the convenience of AI comes at a significant and escalating cost to personal security.



