When AI Chatbots Leak Your Phone Number: Privacy Risks Explained

Generative AI chatbots like Google Gemini, ChatGPT, and Claude are designed to assist, but recent incidents show they can inadvertently expose personal phone numbers and other private data. Users have reported receiving calls from strangers who were directed by AI responses containing real contact information. This Q&A explores how these leaks happen, who is affected, and what—if anything—can be done to protect your privacy.

What recent cases show AI chatbots exposing phone numbers?

In early 2024, several incidents highlighted this privacy flaw. A Reddit user reported a month-long flood of calls from people seeking a lawyer, product designer, or locksmith—all because Google Gemini provided his number as a contact. In Israel, a software developer named Daniel Abraham received a random WhatsApp message after Gemini gave his personal number as customer service for a different company. At the University of Washington, a PhD candidate prompted Gemini and received a colleague's actual cell number. These cases, while anecdotal, underscore a growing pattern where AI models regurgitate personally identifiable information (PII) hidden in training data. Experts note that such exposures are often underreported, as victims may not realize the source or may feel powerless to stop further leaks.

Source: www.technologyreview.com

Why do AI chatbots disclose real phone numbers?

The root cause lies in how large language models are trained. They ingest massive datasets scraped from the web, which can include public records, business directories, social media profiles, and other sources containing phone numbers. When a user asks a question that triggers a pattern match with that training data—even indirectly—the model might output an exact number it "learned." AI researchers say it is difficult to pinpoint the exact mechanism, but it is likely a combination of overfitting (memorizing specific examples) and insufficient filtering during training. Another possibility is that the model generates plausible but incorrect contact info by combining fragments, but in these cases the numbers were real. The problem is compounded because current models lack a reliable way to distinguish between public, private, or outdated information.

How common is this problem?

It is impossible to know the full scale, but experts believe it is far more frequent than what is publicly reported. DeleteMe, a company that helps individuals remove personal data from the internet, reports a 400% increase in customer queries about generative AI over the past seven months—now numbering in the thousands. According to CEO Rob Shavell, 55% of these concerns reference ChatGPT, 20% Gemini, 15% Claude, and 10% other tools. Customers describe two main scenarios: either they ask a chatbot something innocent about themselves and get back precise details like home addresses, phone numbers, family names, or employer info; or they discover the chatbot generated plausible-but-wrong contact information for someone else. This surge indicates that the exposure of PII is not a rare glitch but a systemic issue affecting many users.

What types of personal information are being exposed?

Besides phone numbers, AI chatbots have been known to reveal home addresses, family members' names, employer details, and even email addresses. In the cases described, phone numbers were the most common complaint, but DeleteMe clients have also reported their full names and street addresses appearing in AI responses. The problem extends beyond mere annoyance—calls from strangers can lead to harassment, phishing attempts, or identity theft. Because the data often comes from outdated or incorrectly indexed sources, the person whose info is leaked may have no connection to the topic the chatbot was asked about. For example, a locksmith's number might be listed from an old directory entry, causing the AI to present it as current contact information for a different business.

Can you prevent AI chatbots from exposing your number?

Currently, there is no straightforward way to prevent it. Experts say the onus is on the AI companies to implement better privacy safeguards. DeleteMe suggests that individuals can proactively remove their personal information from data broker sites, which reduces the chance that it ends up in training datasets. However, the process is time-consuming and often requires repeated requests. On the platform side, developers can apply techniques like differential privacy during training to reduce memorization, or add output filters to detect and block phone numbers. Some chatbots already refuse certain requests, but the cases show many slip through. Users can report specific instances to the AI provider, but there is no guarantee of immediate removal. Until stronger regulations or technical solutions emerge, staying cautious about what you ask a chatbot—and monitoring unexpected contacts—remains the best defense.

What should you do if your number is revealed by an AI chatbot?

If you suspect your phone number or other PII was exposed through an AI response, experts recommend these steps:

  • Document the incident: take screenshots of the chatbot output and note the date, time, and context of the request that triggered the exposure.
  • Contact the AI provider: report the issue using their privacy feedback channels. Companies like Google (Gemini), OpenAI (ChatGPT), and Anthropic (Claude) have teams that investigate data leaks.
  • Review your online footprint: search for your phone number on search engines and request removal from data broker sites such as BeenVerified, Spokeo, or Whitepages.
  • Consider using a privacy service: companies like DeleteMe can automate removal requests across hundreds of websites.
  • Be wary of secondary scams: if strangers contact you, do not share additional personal information. Alert friends and family so they are aware of potential spoofing attempts.

While no solution is foolproof, taking action can reduce future visibility and help AI companies improve their privacy filters.

Are AI companies doing anything to fix this?

AI developers acknowledge the privacy risks and are working on mitigations. Google, for example, has updated Gemini to block certain prompts that request personal data, but the incidents show that the filters are not perfect. OpenAI has implemented usage policies that prohibit generating personal contact details, and they use moderation tools to catch violations. However, the dynamic nature of conversational AI means new exploits appear regularly. Some researchers advocate for constitutional AI—embedding privacy rules directly into the model's training—to reduce memorization of PII. Others call for external validation layers that check outputs against a database of known private numbers. The problem is complex because models need to remember factual public information (like business numbers) but forget private ones. Until a robust, industry-wide standard emerges, users remain vulnerable.
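
The output filter and validation layer discussed above, sketched as an added example (not code from any AI provider or from the original article): it finds phone-number-like strings in a model response, normalizes them, and passes only numbers on a verified-public list, redacting suppressed and unknown numbers. The lists, function names and sample response are constructed for illustration, and bare 10-digit numbers are assumed to be North American.

```python
import re

# Phone-like run: optional "+", then 9+ chars of digits and common separators.
# Deliberately broad: a filter like this should over-match rather than miss.
PHONE_RE = re.compile(r"(?<![\w+])\+?\(?\d[\d ().-]{7,17}\d(?!\w)")

# Constructed sample data (555-01xx numbers are reserved for fiction).
VERIFIED_PUBLIC = {"+12065550100"}  # hypothetical: a business's published line
SUPPRESSED = {"+12065550142"}       # hypothetical: a person's removal request
SAMPLE = ("Support is at (206) 555-0100. You can also try 206-555-0142 "
          "or +1 206 555 0177. Order 12345 shipped in 2024.")

def normalize(raw, default_cc="1"):
    """Reduce a match to '+<digits>' so differently formatted copies compare equal."""
    digits = re.sub(r"\D", "", raw)
    if not raw.startswith("+") and len(digits) == 10:
        digits = default_cc + digits  # assumption: bare 10-digit numbers are NANP
    return "+" + digits

def filter_output(text, verified_public=VERIFIED_PUBLIC, suppressed=SUPPRESSED):
    """Redact every phone number that is not verified public.

    Returns (filtered_text, decisions) so blocked numbers can be logged and
    reviewed without ever reaching the user.
    """
    decisions = []

    def check(match):
        raw = match.group(0)
        number = normalize(raw)
        if not 8 <= len(number) - 1 <= 15:   # outside plausible phone lengths
            return raw
        if number in suppressed:             # suppression list always wins
            decisions.append((number, "blocked:suppression-list"))
        elif number in verified_public:
            decisions.append((number, "allowed:verified-public"))
            return raw
        else:                                # default deny for unknown numbers
            decisions.append((number, "blocked:unverified"))
        return "[phone number removed]"

    return PHONE_RE.sub(check, text), decisions

if __name__ == "__main__":
    filtered, log = filter_output(SAMPLE)
    print(filtered)
    for number, verdict in log:
        print(verdict, number)
```

Because unknown numbers are denied by default, the filter does not need to know in advance which numbers are private; the cost is that digit runs such as numeric dates can be redacted too.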
