Khaberni - In mid-2025, "ChatGPT" users discovered that their shared conversations were appearing in "Google" search results for anyone who knew how to search.
That incident was not a breach, but an optional feature built into the sharing interface titled "Make this link discoverable," which most users overlooked and did not initially show on mobile devices. As a result, more than 4,500 conversations, some containing medical data, programming codes, and sensitive professional information, became available online.
"OpenAI" remedied the situation and completely removed the indexing option in late July 2025, but the incident left a fundamental question: how can you ensure it doesn't happen again?
The first step: Stop using your data
The most critical action a user can start with is to prevent "OpenAI" from using their conversations in improving its future models.
This is done from the settings menu, then data control tools, then disabling the chat log and training option. Once this option is activated, conversations stop being saved in the sidebar log and are not subject to any scrutiny by the company's systems.
The second step: Review your old shared links and delete them
The user goes to the settings, then data control tools, then shared links, and clicks on "Manage" to see all the links they have previously created. Once any link is deleted, those trying to access it encounter a "page not found" error, cutting off any search engine trying to access it.
To check if any conversations have already been indexed, simply search on "Google" by typing the website address followed by a keyword related to the conversation. If results appear, a link removal tool in "Google Search Console" is available to request their removal from the search results.
The third step: Use the temporary conversation mode
"OpenAI" launched the temporary conversation feature to provide an immediate layer of privacy without needing to adjust any settings.
It is activated from the model choice menu, ensuring that the conversation is not saved in the log or used for training, and it is deleted from the company's servers after 30 days.
Avoid publishing links in public spaces
"OpenAI" uses programming tags that prevent search engines from indexing pages of shared conversations, but this technical protection fails when the user publishes the link on a public platform like "X," an open forum, or a blog.
Search engines discover links through indirect channels including browser data and email applications, as clearly demonstrated by the 2025 incident.
Additional Tips for Professionals and Companies
Reports from a cybersecurity firm reveal that a large percentage of company data leaks occur through pasting programming codes or strategic plans into chatbots.
The enterprise version of "ChatGPT" also provides legal guarantees that data does not leave the organization's domain and is not used for training, according to "unbundl."
Cybersecurity experts advise replacing real names and sensitive numbers with fictional symbols before entering them into any artificial intelligence model, regardless of the level of protection activated.
