This week while scrolling on X, formerly Twitter, I noticed that I had reposted a series of TechCrunch articles. Except, wait, no, I hadn’t.
But someone else using my name had. I clicked on the profile, and there was another Rebecca Bellan, using the same default and header photos as my actual profile: me onstage at TechCrunch Disrupt 2022 and side-eye Chloe, respectively. The bio read, “@Techcrunch senior reporter | journalist,” and it had the location set to NY, where I am currently based. The account was created in May 2024.
Perhaps most surprising after realizing that someone — who? A bot?! — had created an impersonator account of me was the fact that they had ostensibly paid to do so, as evidenced by the little blue checkmark next to my name.
When X was still Twitter, the blue checkmark would let other users know that a profile had been verified as a person of note. But since Elon Musk’s hostile takeover, that checkmark now means that a user has paid at least $8 per month for a premium subscription that gets them access to longer posts, fewer ads, better algorithmic consideration and Grok. And while X changed tack in April and gave the verification badge back to some users based on number of followers, the blue checkmark could also mean someone is a fan of Musk. Don’t believe me? Just check all the zealous reply guys on any of Musk’s posts.
Anyway, I am neither a paid subscriber nor a fan.
I’m also not the only one who was targeted with impersonation accounts. A handful of TechCrunch journalists have also been impersonated on the platform. Some of the accounts, including my own fake one, have been suspended after being reported to X. But this only tells us that X is actively aware of this problem.
And the problem is that impersonation attacks like these are so much easier to carry out because of the degradation of X’s verification system, which actually doesn’t seem to require any identity verification at all. Having a pay-to-play blue check system just begs bad actors and nation-states to abuse it.
Really, X should have learned its lesson by now. When Musk initially rolled out what was then called Twitter Blue in November 2023, the feature was quickly weaponized to help bad actors pretend to be celebrities, corporations and government officials. One account impersonated pharma company Eli Lilly and posted a fake announcement that insulin is now free. That tweet was viewed millions of times before it was removed, and the company’s stock took a hit as a result.
Another account pretended to be basketball star LeBron James and posted that he was officially asking for a trade from the Lakers team. Another posed as Connor McDavid and announced that the hockey player’s contract had been bought by the New York Islanders.
The accounts pretending to be TechCrunch journalists have been, so far, benign. All they’ve done is repost content that honestly any one of us might have reposted anyway. This suggests that, rather than particularly malicious actors, the accounts were likely created by bots.
We’ve been covering X’s Verified user bot problem for some time. The irony is that Musk suggested that forcing users to pay for verification would actually weed out the bots on the platform, but clearly that’s not the case.
For those who have been impersonated, you can report it to X, which will make you do a third-party verification that involves uploading photos of your government-issued ID and a selfie. I also asked co-workers, friends and followers to report the impersonation to X on my behalf, which may have expedited the process.
X did not respond to TechCrunch to provide comment on how many of its users might actually be bots, why this problem is still occurring, or what the platform is doing to solve it.
Comment