ChatGPT Recommendations Potentially Influenced By Hacked Sites via @sejournal, @MattGSouthern
An investigation by SEO expert James Brockbank shows that ChatGPT may cite hacked websites and expired domains in business recommendations. The post ChatGPT Recommendations Potentially Influenced By Hacked Sites appeared first on Search Engine Journal.

An investigation by SEO professional James Brockbank reveals that ChatGPT may be recommending businesses based on content from hacked websites and expired domains.
The findings aren’t a comprehensive study but the result of personal testing and observations. Brockbank, who serves as Managing Director at Digitaloft, says his report emerged from exploring how brands gain visibility in ChatGPT’s responses.
His analysis suggests that some actors are successfully gaming the system by publishing content on compromised or repurposed domains that retain high authority signals.
This content, despite being irrelevant or deceptive, can surface in ChatGPT-generated business recommendations.
“I believe that the more we understand about why certain citations get surfaced, even if these are spammy and manipulative, the better we understand how these new platforms work.”
How Manipulated Content Appears In ChatGPT Responses
Brockbank identified two main tactics that appear to influence ChatGPT’s business recommendations:
1. Hacked Websites
In multiple examples, ChatGPT surfaced gambling recommendations that traced back to legitimate websites that had been compromised.
One case involved a California-based domestic violence attorney whose site was found hosting a listicle about online slots.
Other examples included a United Nations youth coalition website and a U.S. summer camp site. They were both seemingly hijacked to host gambling-related content, including pages using white text on a white background to evade detection.
2. Expired Domains
The second tactic involves acquiring expired domains with strong backlink profiles and rebuilding them to promote unrelated content.
In one case, Brockbank discovered a site with over 9,000 referring domains from sources like BBC, CNN, and Bloomberg. The domain, once owned by a UK arts charity, had been repurposed to promote gambling.
Brockbank explained:
“There’s no question that it’s the site’s authority that’s causing it to be used as a source. The issue is that the domain changed hands and the site totally switched up.”
He also found domains that previously belonged to charities and retailers now being used to publish casino recommendations.
Why This Content Is Surfacing
Brockbank suggests that ChatGPT favors domains with perceived authority and recent publication dates.
Additionally, he finds ChatGPT’s recommendation system may not sufficiently evaluate whether the content aligns with the original site’s purpose.
Brockbank observed:
“ChatGPT prefers recent sources, and the fact that these listicles aren’t topically relevant to what the domain is (or should be) about doesn’t seem to matter.”
Brockbank acknowledges that being featured in authentic “best of” listicles or media placements can help businesses gain visibility in AI-generated results.
However, leveraging hacked or expired domains to manipulate source credibility crosses an ethical line.
Brockbank writes:
“Injecting your brand or content into a hacked site or rebuilding an expired domain solely to fool a language model into citing it? That’s manipulation, and it undermines the credibility of the platform.”
What This Means
While Brockbank’s findings are based on individual testing rather than a formal study, they surface a real concern: ChatGPT may be citing manipulated sources without fully understanding their origins or context.
The takeaway isn’t just about risk, it’s also about responsibility. As platforms like ChatGPT become more influential in how users discover businesses, building legitimate authority through trustworthy content and earned media will matter more than ever.
At the same time, the investigation highlights an urgent need for companies to improve how these systems detect and filter deceptive content. Until that happens, both users and businesses should approach AI-generated recommendations with a dose of skepticism.
Brockbank concluded:
“We’re not yet at the stage where we can trust ChatGPT recommendations without considering where it’s sourced these from.”
For more insights, see the original report at Digitaloft.
Featured Image: Mijansk786/Shutterstock