Twitter is requiring password resets for users who signed up for “suspicious” third-party programs that promise to automatically (or magically) get them followers. Twitter usually pushes out password resets to users whose accounts it believes have been compromised due to phishing or other attacks.
“We’re currently pushing out password resets to users who signed up for 3rd party follower-adder sites linked to suspicious behavior,” Twitter said earlier today on the account it uses to gather and spread information about spam, @spam.
It’s not hard to find services that promise followers for anywhere from $5 to more than $50 a month that work by joining a group of users that all automatically follow each other, or by automatically adding followers and removing those that don’t follow back. “MORE FOLLOWERS = MORE EXPOSURE = MORE $$$,” screams one site that advertises more than 2,000 followers for $177.
These applications and the methods they use violate Twitter’s terms of service, and using or promoting third-party sites that claim to get you more followers is explicitly verboten.
Some Follower-Adders Bypassed Authentication
Third-party applications are supposed to use the Basic Auth or OAuth authentication protocol that allows users to approve an application to act on their behalf without giving up their passwords.
But some follower-adder applications ask for a password directly from the user. Users who hand over a password this way won’t be able to remove that application from their Twitter accounts – instead, they must manually change their passwords in order to cut the application off.
Suspicious Behavior
Twitter warns that such applications can post “duplicated, spam, or malicious updates and links, send unwanted direct messages, aggressively follow, or violate other Twitter rules with your account,” all while collecting low-quality followers that are bots or abandoned accounts.
Twitter spokeswoman Carolyn Penner sent these statements:
We forced a password reset for users who previously gave their password to sites that did not use oAuth. This means that these sites had their password and could do things like make people follow or unfollow accounts, or automatically send spammy Tweets on their behalf without their knowledge. We emailed these users to let them know about the password reset and to warn them that they shouldn’t share their password with other sites in the future.
Resetting passwords is one of the tools we use to protect our users, and we do this on a regular and ongoing basis.
This time, the vast majority of password resets were pushed to users who gave their password to follower-adder sites; however, there were some users whom we believe were compromised through other vectors.
If a third-party application causes you to violate the Twitter terms of service, your account may be suspended, Twitter warns.
Should Follower-Adders Be Banned?
But an informal survey on Twitter reveals mixed feelings about this particular breed of spammer. ReadWriteWeb co-editor Marshall Kirkpatrick asked whether people who use “buy more followers” programs should have their Twitter accounts suspended, and got a range of opinions, including:
@Ed: Yes I do, because they get hacked and inject malware into the system. (But if I told you who’s used them, you’d faint)
@sophware: Judging a Twitter experience by # of followers is sad. We’re all essentially following each other. BTW – what is the violation?
@graubart: if people want to throw money away – let them. There’s no benefit to those you pay to acquire
What do you think?