The Twitter logo with a robot emoji

Twitter Mikael Thalen

Twitter verified a number of bot accounts—raising questions about security (updated)

Six users with fake profile pics were seemingly verified less than one month after being created.

 

Mikael Thalen

Tech

Posted on Jul 12, 2021   Updated on Aug 4, 2021, 3:43 pm CDT

Questions have been raised over Twitter’s verification process after a handful of suspicious accounts were seen with blue checkmarks.

In a tweet thread on Sunday, Twitter user Conspirador Norteño, a data scientist focused on disinformation, highlighted six newly-created accounts that had all been verified.

While it’s common for malicious actors to hack into already-verified accounts, the six users had all been created just 26 days ago. Not only that, the accounts shared nearly all the same followers and had not made a single tweet.

The profile pictures for two of the accounts even appeared to be stock images, while others seem to have been created with artificial intelligence. Dozens of the accounts’ followers looked the same as well, using computer-generated photos of humans and cats for their profiles.

Although the majority of the accounts and their followers had not tweeted, several had. Conspirador Norteño noted that of the handful that had made tweets, nearly all of the content was related to automated Korean spam.

In a statement to the Daily Dot, Twitter confirmed that it had inadvertently verified the “inauthentic” accounts:

“We mistakenly approved the verification applications of a small number of inauthentic (fake) accounts.,” a Twitter spokesperson said. “We have now permanently suspended the accounts in question, and removed their verified badge, under our platform manipulation and spam policy.”

While questions remain, Alex Stamos, Facebook’s former chief security officer, suggested that the verification could have been an inside job.

“You might have a malicious or bribed insider,” Stamos tweeted. “Something similar happened at IG (paid off by spammers, in that case).”

Stamos also noted that many of the account names appeared to be Turkish, suggesting that the incident could be linked to a nation-state operation.

As of Monday morning, all of the six primary verified accounts have been removed by Twitter.

This post has been updated to include a statement from Twitter.


Read more of the Daily Dot’s tech and politics coverage

Nevada’s GOP secretary of state candidate follows QAnon, neo-Nazi accounts on Gab, Telegram
Court filing in Bored Apes lawsuit revives claims founders built NFT empire on Nazi ideology
EXCLUSIVE: ‘Say hi to the Donald for us’: Florida police briefed armed right-wing group before they went to Jan. 6 protest
Inside the Proud Boys’ ties to ghost gun sales
‘Judas’: Gab users are furious its founder handed over data to the FBI without a subpoena
EXCLUSIVE: Anti-vax dating site that let people advertise ‘mRNA FREE’ semen left all its user data exposed
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.
Share this article
*First Published: Jul 12, 2021, 11:59 am CDT