Twitter verification of bots may have been corruption rather than error

A data scientist yesterday questioned the Twitter verification of bots – accounts which didn’t meet the social network’s own stated criteria for the blue checkmark, and which appeared to be part of a botnet.

Twitter has now said that it made a mistake, though an alternate theory has been suggested …


We’ve previously summarized the rather checkered history of the blue checkmark.

Twitter verification was first introduced back in 2009, when it was mostly an invitation-only process. Twitter would proactively reach out to accounts held by public figures to invite them to confirm their identity in order to have their accounts verified. 

In 2017, the company began actively inviting applications from those who felt their accounts should qualify – but soon abandoned this when it ending up verifying accounts belonging to neo-Nazis. The company said at the time that the blue checkmark was not an endorsement of accounts, merely confirmation that they were who they claimed to be – but it was obvious that reform was needed.

There was then an extremely long hiatus before Twitter relaunched its verification program in a far more transparent format. Twitter listed three criteria for verification. Users need to be notable, authentic and active.

Some of those who felt they met the stated criteria had their applications rejected, leading Twitter to clarify its criteria.

Twitter verification of bot accounts

However, a data scientist tweeting as Conspirador Norteño yesterday pointed to six verified accounts that didn’t meet the criteria, and which seemed to be part of a botnet posting Korean spam.

Meet @aykacmis, @degismece, @anlamislar, @aykacti, @kayitlii, and @donmedim, a sextet of blue-check verified Twitter accounts created on June 16th, 2021. None has yet tweeted and all have roughly 1000 followers (and mostly the same followers).

These six newly-created verified accounts have 977 followers in common. One is @verified (which follows all blue-check verified accounts). The other 976 were all created on June 19th or June 20th, 2021, and all follow the same 190 accounts.

These 976 accounts are part of an astroturf botnet consisting of (at least) 1212 accounts. The network is split into followers, which follow the aforementioned verified accounts as well as other members of the botnet, and followees, which are followed by the other bots.

The fake accounts mostly used computer-generated profile images, along with some stolen ones.

Daily Dot reports that Twitter has now admitted that this was a mistake.

“We mistakenly approved the verification applications of a small number of inauthentic (fake) accounts.,” a Twitter spokesperson said. “We have now permanently suspended the accounts in question, and removed their verified badge, under our platform manipulation and spam policy.”

However, one high-profile security expert suspects corruption rather than error.

Alex Stamos, Facebook’s former chief security officer, suggested that the verification could have been an inside job.

“You might have a malicious or bribed insider,” Stamos tweeted. “Something similar happened at IG (paid off by spammers, in that case).”