Security Experts:

Connect with us

Hi, what are you looking for?



Twitter Unveils New Processes for Fighting Spam, Bots

Twitter this week shared some details on new processes designed to prevent malicious automation and spam, along with data on the positive impact of the measures implemented in the past period.

Twitter this week shared some details on new processes designed to prevent malicious automation and spam, along with data on the positive impact of the measures implemented in the past period.

Spam and bots are highly problematic on Twitter, but the social media giant says it has rolled out some new systems that have helped its fight against these issues. The company claims that last month it challenged more than 9.9 million potentially spammy or automated accounts every week, up from 6.4 million in December last year.

Twitter says it now removes 214% more spam accounts compared to 2017. It also claims that recent changes have led to a significant drop in spam reports received from users, from 25,000 daily reports in March to 17,000 in May.

The company also reported suspending over 142,000 apps in the first quarter of 2018, more than half of which were shut down within a week or even within hours after being registered.

One measure implemented recently by Twitter involves updating account metrics in near-real time. Spam accounts and bots often follow other accounts in bulk and this type of behavior should quickly be caught by Twitter’s systems. However, the company has now also decided to remove follower and engagement counts from suspicious accounts that have been put into a read-only state until they pass a challenge, such as confirming a phone number.

“We also display a warning on read-only accounts and prevent new accounts from following them to help prevent inadvertent exposure to potentially malicious content,” Twitter’s Yoel Roth and Del Harvey said in a blog post.

The company has also made some changes to its sign-up process to make it more difficult to register spam accounts. This includes requiring new accounts to confirm an email address or phone number.

Existing accounts are also being audited to ensure that they weren’t created using automation.

“As part of this audit, we’re imminently taking action to challenge a large number of suspected spam accounts that we caught as part of an investigation into misuse of an old part of the signup flow,” Roth and Harvey explained. “These accounts are primarily follow spammers, who in many cases appear to have automatically or bulk followed verified or other high-profile accounts suggested to new accounts during our signup flow.”

Finally, Twitter says it has expanded its malicious behavior detection systems with tests that can involve solving a reCAPTCHA or responding to a password reset request. Complex cases are passed on to Twitter employees for review.

Twitter also announced this week that users can configure a USB security key as part of the two-factor authentication (2FA) process.

On June 21, Twitter revealed that it entered an agreement to acquire Smyte, which specializes in safety, spam and security issues. By acquiring the company, the social media giant hopes to “improve the health of conversation on Twitter.”

Related: Twitter Urges Password Changes After Exposing ‘Unmasked’ Credentials

Related: Twitter Flaw Allowed Access to Locked Accounts

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.