Facepalm: Twitter has long assured people that its verification of accounts guarantees that the person operating them is genuine, but it seems the system isn't infallible. The company admitted it accidentally awarded the blue tick to six fake accounts a few weeks after reintroducing the public verification program.
Data scientist Conspirador Norteño (via the Daily Dot) discovered the accounts had been created on July 16. Not one of them had made a single tweet, and they shared nearly all the same followers. Additionally, two of the accounts' profile pictures were stock images, and others were created using AI.
Many of the accounts' combined 976 followers also used computer-generated photos of humans, and cats, for their profile pictures. Of the few that had tweeted, nearly all of the content was related to automated Korean spam. Norteño says they were part of a botnet consisting of at least 1,212 accounts.
These 976 accounts are part of an astroturf botnet consisting of (at least) 1212 accounts. The network is split into followers, which follow the aforementioned verified accounts as well as other members of the botnet, and followees, which are followed by the other bots. pic.twitter.com/wKKfC2PRX8--- Conspirador Norteño (@conspirator0) July 12, 2021
"We mistakenly approved the verification applications of a small number of inauthentic (fake) accounts," Twitter told the Daily Dot in a statement. "We have now permanently suspended the accounts in question, and removed their verified badge, under our platform manipulation and spam policy."
Although Twitter claims the verifications were an accident, Alex Stamos, Facebook's former chief security officer, put forward a different theory. "You might have a malicious or bribed insider," he tweeted. "Something similar happened at IG (paid off by spammers, in that case)."
cc @rinkisethi--- Alex Stamos (@alexstamos) July 12, 2021
You might have a malicious or bribed insider. Something similar happened at IG (paid off by spammers, in that case).
Twitter relaunched its public verification program in May, allowing anyone to apply for the blue tick for the first time since 2017. Part of the new criteria requires accounts to be "authentic, notable, and active," none of which applies to the six now-suspended fakes it verified.