More than 130,000 Claude, Grok, ChatGPT, and Other LLM Chats Readable on Archive.org


A researcher has found that more than 130,000 conversations with AI chatbots including Claude, Grok, ChatGPT, and others are discoverable on the Internet Archive, highlighting how people’s interactions with LLMs may be publicly archived if users are not careful with the sharing settings they may enable.

The news follows earlier findings that Google was indexing ChatGPT conversations that users had set to share, even though those users potentially did not understand that these chats were now viewable by anyone, and not just by those they intended to share the chats with. OpenAI had also not taken steps to ensure these conversations could be indexed by Google.

“I obtained URLs for: Grok, Mistral, Qwen, Claude, and Copilot,” the researcher, who goes by the handle dead1nfluence, told 404 Media. They also found material related to ChatGPT, but said “OpenAI has had the ChatGPT[.]com/share links removed it seems.” Searching on the Internet Archive now for ChatGPT share links does not return any results, while Grok results, for example, are still available.

Dead1nfluence wrote a blog post about some of their findings on Sunday and shared the list of more than 130,000 archived LLM chat links with 404 Media. They also shared some of the contents of those chats that they had scraped. Dead1nfluence wrote that they found API keys and other exposed information that could be useful to a hacker.
“While these providers do tell their users that the shared links are public to anyone, I think that most who have used this feature would not have expected that these links could be findable by anyone, and certainly not indexed and readily available for others to view,” dead1nfluence wrote in their blog post. “This could prove to be a very valuable data source for attackers and red teamers alike. With this, I can now search the dataset at any time for target companies to see if employees may have disclosed sensitive information by accident.”

404 Media verified some of dead1nfluence’s findings by discovering specific material they flagged in the dataset, then going to the still-public LLM link and checking the content.


Most of the companies whose AI tools are included in the dataset did not respond to a request for comment. Microsoft, which owns Copilot, acknowledged a request for comment but didn't provide a response in time for publication. A spokesperson for Anthropic, which owns Claude, told 404 Media: “We give people control over sharing their Claude conversations publicly, and in keeping with our privacy principles, we do not share chat directories or sitemaps with search engines like Google. These shareable links are not guessable or discoverable unless people choose to publicize them themselves. When someone shares a conversation, they are making that content publicly accessible, and like other public web content, it may be archived by third-party services. In our review of the sample archived conversations shared with us, these were either manually requested to be indexed by a person with access to the link or submitted by independent archivist organizations who discovered the URLs after they were published elsewhere across the internet first.” 404 Media only shared a small sample of the Claude links with Anthropic, not the entire list.

Fast Company first reported that Google was indexing some ChatGPT conversations on July 30. This was because of a sharing feature ChatGPT had that allowed users to send a link to a ChatGPT conversation to someone else. OpenAI disabled the sharing feature in response. OpenAI CISO Dane Stuckey said in a previous statement sent to 404 Media: “This was a short-lived experiment to help people discover useful conversations. This feature required users to opt-in, first by picking a chat to share, then by clicking a checkbox for it to be shared with search engines.”

A researcher who requested anonymity gave 404 Media access to a dataset of nearly 100,000 ChatGPT conversations indexed on Google. 404 Media found those included the alleged texts of non-disclosure agreements, discussions of confidential contracts, and people trying to use ChatGPT for relationship issues.

Others also found that the Internet Archive contained archived LLM chats.



The decision highlights hurdles faced by developers as they navigate a world where credit card companies dictate what is and isn't appropriate.


We talked to people living in the building whose views are being blocked by Tesla's massive four-story screen.


The Sig Sauer P320 has a reputation for firing without pulling the trigger. The manufacturer says that's impossible, but the firearms community is showing the truth is more complicated.


The wiping commands probably wouldn't have worked, but a hacker who says they wanted to expose Amazon’s AI “security theater” was able to add code to Amazon’s popular ‘Q’ AI assistant for VS Code, which Amazon then pushed out to users.


The Tesla Diner has two gigantic screens, a robot that serves popcorn, and owners hope it will be free from people who don't like Tesla.


Infostealer data can include passwords, email and billing addresses, and the embarrassing websites you use. Farnsworth Intelligence is selling to divorce lawyers and other industries.


A Startup is Selling Data Hacked from People’s Computers to Debt Collectors


When your laptop is infected with infostealing malware, it’s not just hackers that might get your passwords, billing and email addresses, and a list of sites or services you’ve created accounts on, potentially including some embarrassing ones. A private intelligence company run by a young founder is now taking that hacked data from what it says are more than 50 million computers, and reselling it for profit to a wide range of different industries, including debt collectors; couples in divorce proceedings; and even companies looking to poach their rivals’ customers. Essentially, the company is presenting itself as a legitimate, legal business, but is selling the same sort of data that was previously typically sold by anonymous criminals on shady forums or underground channels.

Multiple experts 404 Media spoke to called the practice deeply unethical, and in some cases the use of that data probably illegal. The company is also selling access to a subset of the data to anyone for as little as $50, and 404 Media used it to uncover unsuspecting victims’ addresses.

The activities of the company, called Farnsworth Intelligence, show a dramatic shift in the bevy of companies that collect and sell access to so-called open source intelligence, or OSINT. Historically, OSINT has included things like public social media profiles or flight data. Now, companies increasingly see data extracted from people’s personal or corporate machines and then posted online as fair game not just to use in their own investigations, but to repackage and sell too.

“To put it plainly this company is profiting off of selling stolen data, re-victimizing people who have already had their personal devices compromised and their data stolen,” Cooper Quintin, senior public interest technologist at the Electronic Frontier Foundation (EFF), told 404 Media. “This data will likely be used to further harm people by police using it for surveillance without a warrant, stalkers using it to gather information on their targets, high level scams, and other damaging motives.”


Infostealers are pieces of malware, often stealthily bundled in a piece of pirated software, that steal a victim’s cookies, login credentials, and often more information stored in their browser too. On its website, Farnsworth lays out several potential uses for that stolen data. This includes “skip tacing,” presumably a typo of skip tracing, which is where a private individual or company tracks someone down who owes a debt. The website says users can “find debtors up-to-date addresses.” Another use case is to “Find high impact evidence that can make/break the case of million dollar lawsuits, high value divorce cases, etc.” A third is to “generate lead lists of customers/users from competitors [sic] companies,” because the data could show which competing products they have login credentials for, and, presumably, use.

Calli Schroeder, senior counsel at the Electronic Privacy Information Center (EPIC), told 404 Media that the use cases Farnsworth offers are “not only morally questionable [...] but may not be legal or usable in some cases.” For the litigation one, courts are split on using stolen information as evidence in legal proceedings. When hackers targeted the dating site Ashley Madison, for example, a judge ruled that despite the data being publicly published it was still confidential and stolen and couldn’t be used. Most judges will not allow illegally obtained evidence in divorce proceedings either, Schroeder said.

Then for using the data to build a list of customers of competitors, Schroeder said that “may very well fall under corporate espionage and trade secrets violations, depending on what information is taken.”

“This is so gross and predatory. They are facilitating and enabling further exploitation of victims of a crime and bragging about how multiple criminal acts make their business better. Moral bankruptcy is common in this industry, but I rarely see a company so proud of it,” Schroeder added.
Farnsworth did not respond to multiple requests for comment. Aidan Raney, the company’s 23-year-old founder, did not respond to multiple Signal messages sent to an account he has previously used to communicate with 404 Media.

Farnsworth offers two infostealer-related products. The first is Farnsworth’s “Infostealer Data Platform,” which lists those above use cases. This can display hacking victims’ full text passwords, and requires potential users to contact Farnsworth for access. The company asks applicants to explain their use case, and these can include “private investigations, intelligence, journalism, law enforcement, cyber security, compliance, IP/brand protection,” and several others, according to its website.

The second product is infostealers.info, a publicly available service that requires no due diligence to enter. It only asks for a minimum of $50 to search through the results. These don’t include victims’ full passwords, but the platform still includes a wide range of sensitive information. Recently infostealers.info introduced the ability to search for data stored in a hacking victim’s autofill. That is, data stored in the browser for convenience that can automatically populate when filling out a form, such as a billing address. Using this tool, 404 Media was able to extract multiple people’s billing addresses. One was in Staten Island, New York, which appeared to be someone’s private residence. Another address was in India.



In other words, these people had been hacked, and now anyone with $50 was able to search through data stolen from their computer.

“This should also be an example of how once your data is lost in a breach you can't control what will happen to it. It can be used by law enforcement, stalkers, scammers, advertisers, or anyone with access to it. It's a stark reminder of why digital security is important even if you think you have nothing to hide,” Quintin from the EFF added.

Hackers running infostealer operations often create Telegram channels where they upload personal data their malware has stolen. Other criminals can then pay to access this stolen data. The administrator of one prolific infostealer campaign previously told 404 Media “this brings us good income, but I am not ready to disclose specific amounts.” Infostealer operators often then publish stolen credentials on Telegram for free, likely as a way to advertise their paid offerings. Farnsworth did not respond when asked if it is buying this stolen data from hackers to then put into its product.

Cybersecurity researchers have used infostealer data to unmask criminals. Hudson Rock, another company that sells infostealer-related services, used it to uncover information on two alleged fraudsters on the FBI’s Most Wanted List. Last year cybersecurity firm Recorded Future said it found 3,334 unique credentials used to access child abuse imagery websites. It says it used that data to identify two individuals. In a LinkedIn post on Tuesday, Raney said the company has explored its own dataset in a similar way.

But those are different use cases to selling infostealer data on the open market or for potentially illegal use cases.

Quintin said “It would be illegal and unethical to sell stolen cell phones even if you didn't steal them yourself, and I don't see how this is any different.”


Sweden's Moderate party allowed users to make the PM hold a sign bearing any name they wanted. You know what happened next.
