ChatGPT privacy concerns have taken an unusual turn: some user prompts appeared inside Google Search Console, a tool meant for site owners tracking search visibility. The reported leak involved personal and business-related prompts that users likely did not expect to appear in a developer analytics dashboard.
OpenAI said it was “aware” of the issue and had “resolved” a glitch “that temporarily affected how a small number of search queries were routed.” But the explanation left researchers asking how the routing worked, whether Google Search was involved, and how many prompts were exposed.
What appeared in Google Search Console
Google Search Console usually shows site managers the words and short phrases people search before reaching their pages. According to the source article, beginning this September, some site owners instead found strange, unusually long queries. Some were more than 300 characters long.
Those entries appeared to contain only user inputs. The prompts seemed to come from people asking a chatbot for help with relationship questions, workplace messaging, and business problems. The concern is straightforward: a private prompt can contain sensitive context even when it does not include a name.
Jason Packer, owner of an analytics consulting firm called Quantable, was among the first people to flag the issue publicly. He later worked with “Internet sleuth” and web optimization consultant Slobodan Manić to test what might be causing the strange entries.
Packer reviewed 200 unusual queries on one site alone. One appeared to involve a likely female user asking ChatGPT to interpret a boy’s behavior. Another appeared to involve an office manager working through a return-to-office announcement while sharing business information.
Why researchers linked the leak to search routing
Packer suspected the issue might connect to earlier reporting from The Information in August, which cited sources claiming OpenAI was scraping Google search results to help answer ChatGPT prompts about current events, including news or sports. OpenAI has not confirmed that it scrapes Google search engine results pages.
The investigation by Packer and Manić focused on a recurring clue: the string “https://openai.com/index/chatgpt/” appeared at the beginning of every strange query they examined. Manić found that one site was seeing the entries because it ranked highly in Google Search for that URL-related phrase.
Their theory was that Google had broken the URL into searchable terms, effectively treating it as “openai + index + chatgpt.” Sites ranking for those terms could then see the odd ChatGPT-related queries inside Google Search Console.
Ars said it was able to verify similar strings using the researchers’ recommendations for finding them in Google Search Console. That verification supported the existence of the unusual query pattern, while still leaving the underlying technical path unresolved.
The suspected path for leaked prompts
Packer and Manić proposed one possible explanation. Users visiting the URL that appeared at the start of the queries encountered a prompt box that seemed to add the page URL into the prompt. The source article says the prompt box also included the query parameter “hints=search,” which appeared to push ChatGPT toward making a search.
The researchers suggested that some of those searches relied on Google, causing user prompts to surface in Google Search Console. Packer argued that if an API or private connection had been used, the queries would not have shown inside GSC.
In Packer’s view, this raised a larger privacy issue: prompts needing Google Search may have been shared beyond the user’s expected conversation with ChatGPT. He alleged that OpenAI was sharing such prompts with Google, with whoever handled scraping, and with sites appearing in the search results.
OpenAI did not confirm Packer and Manić’s scraping theory. It also declined to answer questions that Ars said could have clarified the scope of the issue. Google declined to comment.
Why this differs from earlier ChatGPT leaks
The source article contrasts this incident with an earlier situation in August, when ChatGPT prompts appeared in Google’s search index. In that earlier case, OpenAI said users had clicked a box that made the prompts public, which the company described as “sufficiently clear.” OpenAI later moved to remove those chats from Google’s search engine results pages after users felt misled.
Packer said the Google Search Console issue was different because affected users did not actively share the prompts. In his words, “nobody clicked share.” That distinction matters because a user may reasonably understand a public-sharing control as a privacy risk, while a search-routing leak is much harder for an ordinary user to detect or prevent.
The source also notes another unresolved concern: there does not appear to be a clear way to remove the leaked chats from Google Search Console. The prompts may not directly identify users unless they included identifying details, but sensitive prompts can still expose personal or workplace context.
What remains unanswered
OpenAI said the problem affected a small number of search queries, but it did not provide a more precise estimate. The source article says it remains unclear how many of the 700 million people who use ChatGPT each week had prompts routed to GSC.
Packer said he was “very pleased that OpenAI was able to resolve the issue quickly.” Still, he said OpenAI’s response did not confirm whether the company was scraping Google, leaving doubt about whether the fix fully addressed the broader concern.
Manić also wanted to know whether prompts entered on https://chatgpt.com that triggered Google Search were affected. OpenAI did not follow up on that question, according to the source article.
For users, the practical lesson is narrow but important: chatbot prompts can travel through systems users never see. When prompts include personal, workplace, or business information, privacy depends not only on the chat interface but also on how search, routing, and analytics systems handle the request behind the scenes.