touchpoints icon indicating copy to clipboard operation
touchpoints copied to clipboard
verified publisher icon GSA

Hijacked Twitter Handles

Open edsu opened this issue 8 years ago • 1 comments

If an agency registers a Twitter account and then decides to change their handle the registry should notice and update the listed handle. If this checking isn't performed then other parties can come in and register the released handle and pose as the agency.

For an analysis of this actually happening please see this writeup concerning the accounts that Twitter suspended because of suspected Russian interference in the election.

In an ideal world the registrant would update the registry themselves. But this isn't really practical. It should be possible for the registry to automatically verify by keeping track of the Twitter user id (which is persistent) and using Twitter's API to periodically check the handles.

edsu avatar Nov 05 '17 17:11 edsu

Hi @edsu - a feature to re-request internal verification if an account is changed, is planned for.

And, using the API's are a good idea, but invoke other concerns regarding application boundaries. So I can't commit to this yet, but noted!

ryanwoldatwork avatar Nov 16 '22 20:11 ryanwoldatwork