Security Experts:

Twitter Unveils New Processes for Fighting Spam, Bots

Twitter this week shared some details on new processes designed to prevent malicious automation and spam, along with data on the positive impact of the measures implemented in the past period.

Spam and bots are highly problematic on Twitter, but the social media giant says it has rolled out some new systems that have helped its fight against these issues. The company claims that last month it challenged more than 9.9 million potentially spammy or automated accounts every week, up from 6.4 million in December last year.

Twitter says it now removes 214% more spam accounts compared to 2017. It also claims that recent changes have led to a significant drop in spam reports received from users, from 25,000 daily reports in March to 17,000 in May.

The company also reported suspending over 142,000 apps in the first quarter of 2018, more than half of which were shut down within a week or even within hours after being registered.

One measure implemented recently by Twitter involves updating account metrics in near-real time. Spam accounts and bots often follow other accounts in bulk and this type of behavior should quickly be caught by Twitter’s systems. However, the company has now also decided to remove follower and engagement counts from suspicious accounts that have been put into a read-only state until they pass a challenge, such as confirming a phone number.

“We also display a warning on read-only accounts and prevent new accounts from following them to help prevent inadvertent exposure to potentially malicious content,” Twitter’s Yoel Roth and Del Harvey said in a blog post.

The company has also made some changes to its sign-up process to make it more difficult to register spam accounts. This includes requiring new accounts to confirm an email address or phone number.

Existing accounts are also being audited to ensure that they weren’t created using automation.

“As part of this audit, we’re imminently taking action to challenge a large number of suspected spam accounts that we caught as part of an investigation into misuse of an old part of the signup flow,” Roth and Harvey explained. “These accounts are primarily follow spammers, who in many cases appear to have automatically or bulk followed verified or other high-profile accounts suggested to new accounts during our signup flow.”

Finally, Twitter says it has expanded its malicious behavior detection systems with tests that can involve solving a reCAPTCHA or responding to a password reset request. Complex cases are passed on to Twitter employees for review.

Twitter also announced this week that users can configure a USB security key as part of the two-factor authentication (2FA) process.

On June 21, Twitter revealed that it entered an agreement to acquire Smyte, which specializes in safety, spam and security issues. By acquiring the company, the social media giant hopes to “improve the health of conversation on Twitter.”

Related: Twitter Urges Password Changes After Exposing 'Unmasked' Credentials

Related: Twitter Flaw Allowed Access to Locked Accounts

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.