Hijacked Twitter Handles

[edsu]

If an agency registers a Twitter account and then decides to change their handle the registry should notice and update the listed handle. If this checking isn't performed then other parties can come in and register the released handle and pose as the agency.

For an analysis of this actually happening please see this writeup concerning the accounts that Twitter suspended because of suspected Russian interference in the election.

In an ideal world the registrant would update the registry themselves. But this isn't really practical. It should be possible for the registry to automatically verify by keeping track of the Twitter user id (which is persistent) and using Twitter's API to periodically check the handles.

[ryanwoldatwork]

Hi @edsu - a feature to re-request internal verification if an account is changed, is planned for.

And, using the API's are a good idea, but invoke other concerns regarding application boundaries. So I can't commit to this yet, but noted!