Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
FCC Bans Chinese Telecom Equipment From Huawei, ZTE, Others Over Security Risks
July 2, 2026
Critical JetBrains Flaws Allow Auth Bypass, Code Execution
July 2, 2026
Critical Microsoft Defender, Sysmon Flaw Lets Attackers Disable Security
July 2, 2026
Home/CyberSecurity News/OpenAI Sued Over ChatGPT Data Sharing with Google and Meta
CyberSecurity News

OpenAI Sued Over ChatGPT Data Sharing with Google and Meta

Key Takeaways OpenAI is facing a class-action lawsuit alleging unauthorized sharing of ChatGPT user data with Meta and Google. The complaint claims sensitive user conversations, identifiers, and...

Jennifer sherman
Jennifer sherman
May 14, 2026 4 Min Read
43 0

Key Takeaways

  • OpenAI is facing a class-action lawsuit alleging unauthorized sharing of ChatGPT user data with Meta and Google.
  • The complaint claims sensitive user conversations, identifiers, and contact details were transmitted to third-party ad platforms without consent.
  • The lawsuit cites violations of the federal Electronic Communications Privacy Act (ECPA) and California’s Invasion of Privacy Act (CIPA).
  • If successful, the litigation could lead to significant statutory damages and reshape how AI platforms handle user data and integrate tracking technologies.

OpenAI Accused of Covert Data Sharing in New Lawsuit

OpenAI Global LLC is currently embroiled in a class-action lawsuit filed in the Southern District of California, alleging that the company secretly integrated Meta’s Facebook Pixel and Google Analytics into its ChatGPT web interface. This integration, the lawsuit claims, transformed private chatbot conversations into valuable tracking data for online advertising networks.

Table Of Content

  • Key Takeaways
  • OpenAI Accused of Covert Data Sharing in New Lawsuit
  • Allegations Against Meta’s Facebook Pixel
  • Allegations Against Google Analytics and Ads
  • Legal Framework and Potential Impact

The complaint, initiated by California resident Amargo Couture on behalf of all U.S. users who have interacted with ChatGPT.com, asserts that OpenAI disclosed users’ chat topics, personal identifiers, and contact information to Meta and Google without explicit consent. This alleged conduct is cited as a breach of the federal Electronic Communications Privacy Act (ECPA), California’s Invasion of Privacy Act (CIPA), and state constitutional privacy protections.

The legal document highlights that ChatGPT is frequently utilized for discussions involving “sensitive and personal topics,” including financial matters, health concerns, and legal issues. It further suggests that a substantial portion of proprietary company data entered into ChatGPT is confidential.

Users, the lawsuit argues, held a reasonable expectation that their interactions with the AI would remain private and not be disseminated to external ad technology platforms. This legal challenge emerges amidst a growing number of privacy and copyright disputes targeting generative AI technologies, following previous lawsuits that questioned OpenAI’s data collection and training methodologies.

Allegations Against Meta’s Facebook Pixel

The lawsuit details how the Facebook Pixel code, embedded within ChatGPT’s web pages, allegedly initiates silent, real-time HTTP requests to Facebook’s servers with every user interaction. These requests are said to include contextual information derived from the chat, such as a browser tab title like “Super Bowl 2005 Winner” originating from a user query. Crucially, the requests also reportedly contain cookies, including c_user, fr, and fbp, which can be linked to a specific Facebook account via the user’s Facebook ID.

Meta’s own documentation is referenced in the complaint to assert that this telemetry data is subsequently fed into its “Core Audiences,” “Custom Audiences,” and “Lookalike Audiences” systems. This process, it is claimed, facilitates highly granular advertising targeting across Facebook and Instagram platforms.

Allegations Against Google Analytics and Ads

Regarding Google, the complaint posits that Google Analytics and associated Google Ads tags capture hashed email addresses used for ChatGPT sign-ups or logins. Additionally, device and browser identifiers, along with other Google Signals cookies, are allegedly collected to map user activity to logged-in Google profiles.

The legal filing includes sample network traces that reportedly show event payloads where a hashed email address appears under an “em” field, alongside cookies such as Secure-3PSID, which are linked to Google account identities.

Google Analytics is then accused of augmenting this data with cross-device behavior patterns, demographic signals, and remarketing capabilities. This, the lawsuit contends, enables OpenAI and Google to retarget users based on their ChatGPT activity and integrate these events into broader advertising and analytics products.

Legal Framework and Potential Impact

Substantively, the lawsuit contends that OpenAI “intentionally installed wiretaps” on ChatGPT.com by embedding Meta and Google tracking scripts, thereby facilitating third-party interception of user communications. Under ECPA, the plaintiffs argue that each ChatGPT interaction constitutes an “electronic communication,” and transmitting these communications to Meta and Google via client-side JavaScript and tracking pixels qualifies as an unlawful interception, disclosure, and use.

Under CIPA Sections 631 and 632, the Meta Pixel and Google Analytics tags, along with their associated cookies and servers, are characterized as “machines, instruments, or contrivances” used to read or observe the content of communications and to eavesdrop on confidential sessions without the consent of all parties involved.

The proposed nationwide class encompasses all U.S. residents whose personally identifiable information (PII) and ChatGPT communications were allegedly disclosed to third parties through the website. A California subclass is seeking statutory damages under CIPA, potentially amounting to up to 5,000 USD per violation.

The plaintiffs are also seeking injunctive relief, which would compel OpenAI to remove or redesign its tracking integrations and prohibit further disclosure of chatbot-derived data to ad technology partners. If certified and successful, this case could expose OpenAI to significant statutory damages and effectively subject browser-based tracking of AI chats to the same legal scrutiny currently applied to health-site pixels and session-replay scripts, which have recently faced aggressive enforcement and litigation.

For cybersecurity and privacy professionals, these allegations underscore critical considerations regarding the instrumentation of AI front-ends. The embedding of generic marketing pixels and analytics tags into AI tools that process highly sensitive, free-form text may inadvertently create unexpected surveillance channels that regulators and courts could interpret as wiretaps. The detailed network captures presented in the complaint, from tab titles to cookie values, provide a clear indication of how plaintiffs’ experts are now scrutinizing AI platforms for covert data flows to third-party domains. Organizations deploying commercial Large Language Model (LLM) front-ends or developing their own should anticipate similar examinations and urgently reassess their telemetry, cookie consent mechanisms, and data-sharing agreements to ensure that sensitive AI conversations are not inadvertently leaking into advertising ecosystems due to outdated web-tracking configurations.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

Security

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

Critical Langflow CVE-2026-33017 vulnerability lets attackers steal AWS keys

Next Post

Palo Alto Networks Patches Critical PAN-OS Zero-Day Allowing Root Code Execution

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
WinRAR 7.23 Patches Critical Heap Overflow Vulnerability CVE-2024-XXXX
July 2, 2026
Medtronic Confirms Data Breach, Corporate IT Systems Compromised
July 2, 2026
Critical ClamAV Vulnerabilities Let Attackers Trigger DoS
July 2, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us