The Twitter logo with a robot emoji

Twitter Mikael Thalen

Twitter verified a number of bot accounts—raising questions about security (updated)

Six users with fake profile pics were seemingly verified less than one month after being created.

 

Mikael Thalen

Tech

Published Jul 12, 2021   Updated Jul 12, 2021, 11:06 pm CDT

Questions have been raised over Twitter’s verification process after a handful of suspicious accounts were seen with blue checkmarks.

Featured Video Hide

In a tweet thread on Sunday, Twitter user Conspirador Norteño, a data scientist focused on disinformation, highlighted six newly-created accounts that had all been verified.

Advertisement Hide

While it’s common for malicious actors to hack into already-verified accounts, the six users had all been created just 26 days ago. Not only that, the accounts shared nearly all the same followers and had not made a single tweet.

The profile pictures for two of the accounts even appeared to be stock images, while others seem to have been created with artificial intelligence. Dozens of the accounts’ followers looked the same as well, using computer-generated photos of humans and cats for their profiles.

Advertisement Hide

Although the majority of the accounts and their followers had not tweeted, several had. Conspirador Norteño noted that of the handful that had made tweets, nearly all of the content was related to automated Korean spam.

In a statement to the Daily Dot, Twitter confirmed that it had inadvertently verified the “inauthentic” accounts:

Advertisement Hide

“We mistakenly approved the verification applications of a small number of inauthentic (fake) accounts.,” a Twitter spokesperson said. “We have now permanently suspended the accounts in question, and removed their verified badge, under our platform manipulation and spam policy.”

While questions remain, Alex Stamos, Facebook’s former chief security officer, suggested that the verification could have been an inside job.

“You might have a malicious or bribed insider,” Stamos tweeted. “Something similar happened at IG (paid off by spammers, in that case).”

Advertisement Hide

Stamos also noted that many of the account names appeared to be Turkish, suggesting that the incident could be linked to a nation-state operation.

As of Monday morning, all of the six primary verified accounts have been removed by Twitter.

This post has been updated to include a statement from Twitter.

Share this article
*First Published: Jul 12, 2021, 11:59 am CDT