Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

Station F emerges as a launch pad for Europe’s hottest AI startups

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    If you use Google, you train its AI. See how you can opt out.

    6 July 2026

    Amazon will stop accepting new customers for Mechanical Turk

    6 July 2026

    Yes, we use OpenClaw to this day

    5 July 2026

    Midjourney wants Hollywood studios to reveal the details of their use of artificial intelligence

    5 July 2026

    What is Mistral AI? Everything you need to know about the OpenAI competitor

    4 July 2026
  • Apps

    Apple is bringing back card payments for Apple Account purchases in India after a four-year hiatus

    6 July 2026

    WhatsApp now allows you to reserve usernames

    5 July 2026

    Podcasting platform Riverside is getting into the newsletter game

    4 July 2026

    Threads adds new features to Live Chats as it expands access

    4 July 2026

    Travel app Hopper to pay $35 million in FTC settlement over ‘unfair’ hidden fees

    3 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

    7 July 2026

    Smart glasses maker Even Realities hits $1 billion valuation with $150 million in funding led by Meituan, Tencent

    6 July 2026

    5 office gadgets that can make your work day better

    6 July 2026

    IQM, Europe’s first public quantum company, admits that the future of the technology is uncertain

    3 July 2026

    Thiel Capital’s Jack Selby commits stakes in hot startups like Etched through Arizona connections

    3 July 2026
  • Media & Entertainment

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026

    Deezer says its new feature allows fans to remix songs with the artist’s consent

    24 June 2026
  • Security

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026
  • Startups

    Station F emerges as a launch pad for Europe’s hottest AI startups

    6 July 2026

    Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

    4 July 2026

    The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

    3 July 2026

    Last chance to apply — Startup Battlefield Australia applications close on 6 July

    3 July 2026

    Arcturus could halve grid electrical losses using nano-infused metals

    2 July 2026
  • Transportation

    Chevy built an all-American EV truck — why isn’t anyone buying it?

    3 July 2026

    Rivian raises EV sales forecast as second-quarter production ramps up

    3 July 2026

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026

    Lime is starting life as a public company after years of uncertainty

    1 July 2026
  • Venture

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026
  • Recommended Essentials
TechTost
You are at:Home»Apps»Spam attack on Twitter/X rival Mastodon highlights ‘different’ vulnerabilities
Apps

Spam attack on Twitter/X rival Mastodon highlights ‘different’ vulnerabilities

techtost.comBy techtost.com21 February 202406 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Spam Attack On Twitter/x Rival Mastodon Highlights 'different' Vulnerabilities
Share
Facebook Twitter LinkedIn Pinterest Email

A spam attack that affected open source X competitor Mastodon, Misskey and other apps highlights how the decentralized social web, also known as the fediverse, is open to abuse. In recent days, attackers have targeted smaller Mastodon servers, taking advantage of open registrations to automate the creation of spam accounts. Mastodon founder and CEO Eugen Rochko confirmed the attack with his post over the weekend, adding that Mastodon server admins should switch registration to approval mode and block spam email providers to help address the issue.

While this isn’t the first spam attack to affect Fediverse, Rochko notes that only larger servers like Mastodon.social have been targeted in the past. As this server is run by the Mastodon team themselves, they were able to mitigate these attacks themselves. What’s different this time is that spammers targeted smaller and even abandoned servers that offer open enrollment, allowing bad actors to quickly create accounts and create spam.

Image Credits: Eugen Rochko in Mastodon

This particular attack, which was fully automated once the attackers learned they could write spam, was caused by a dispute between two sides on Discord, where one side was trying to ban the other side’s Discord server, according to reports on Mastodon. (More details in this here.) Many of the other targets of spammers Mastodon wasn’t alone — they were also targeted Miski. (Misskey is an open-source, decentralized blogging platform that uses the ActivityPub protocol, like Mastodon, Pixelfed, PeerTube, and others, allowing its users to interact with those on other federated social media platforms.) As the origin of spam seems to be a Japanese forummany of the targets were also in Japan.

The spam attack highlighted one of the weaknesses that comes with the structure of the fediverse. Mastodon is open source software that anyone can install on their own server, essentially establishing their own instance or node, connected to other federated social networking servers supported by the ActivityPub protocol.

Because Mastodon’s smaller servers are often hobbyist projects run by enthusiasts, they were vulnerable to these types of attacks. If server admins didn’t pay attention to their servers on a daily basis and offered open registrations, they would likely be victims of spam.

Or as a server administrator, @Chris@mastodon.cosmicnation.co observed, “Some case managers recalled that they had an example. And we’ve also learned that there are a LOT of abandoned cases out there with the door wide open to registration without approval.”

In recent days, the server administrators they cooperated to create continuous lists abandoned cases that other administrators could use as a basis for a block list to protect their own users from spam attacks. Many servers were simply disabled as their admins decided it would be easier to wait out the attack or abandon Mastodon altogether.

The popular third-party app Mastodon Ivory, by Tapbots, an emergency update has been released which included a custom filter called “Potential Spam” under the Filter tab that would allow users to mute spam reports. Affected users could enable this filter to catch most spam, but could not stop spam push notifications, the company said.

The attack seems to be ending as of this morning. Technologist and researcher Tim Chambers (@tchambers@indieweb.social) noted that today was the first day in four days that he had fewer than 40 spam accounts to suspend on the server he manages, for example. Mastodon tells TechCrunch that on active servers with a reactive moderation team, Mastodon has several tools to prevent automated account registration, including approval mode, CAPTCHAs and various blocking tools, so the attacker is dealt with very quickly. He also noted that the spam attack has ended as the two hacker groups apparently made peace.

While some saw the experience as positive for the social network and the wider federation, as it exposed a weakness that could now be discussed and addressed, others were angry at the experience and Rochko’s lack of response in the early hours of the attack.

“This ruins my Mastodon experience for me. Makes me want to quit and quit,” wrote one Mastodon server admin sam@urbanists.social. “And Eugen’s continued silence on the problem doesn’t help matters,” they said.

Mastodon CTO Renaud Chaput said the attack will push the company to improve its software.

“Currently, there are no well-built tools to handle this, as this is a complex issue — federated networks are not easy! — but we have a lot of ideas about how to improve our anti-spam and anti-abuse capabilities,” he said. “These will be worked on in the coming months. We are always working on improving the software (the latest version introduced optional captcha support). Another measure we took today is to change the setting for new instances so that they are not wide open by default, and we added a banner to remind admins that fully open instances must be actively moderated, so this should be a careful decision by the administrator,” Chaput added.

Since the arrival of Instagram Threads, another Twitter/X competitor that also plans to merge using ActivityPub, Mastodon usage has dropped.

As of October last year, Mastodon had grown to include around 1.8 million monthly active users. By the time Threads went public, it had dropped to 1.5 million. Since the public release this month of Bluesky, another decentralized social network based on a different protocol (meaning it’s not part of the same fediverse, at least until a bridge is built), Mastodon’s use has he fell to 1 million monthly active users.

That’s where Mastodon’s usage remains today, according to the company’s homepage. The wider fediverse, which includes Mastodon and other apps, has around 2.9 million monthly active users. Entering threads at this time will overshadow other Mastodon servers and could offer Meta’s technical expertise in areas such as spam prevention, but many worry that Meta’s ultimate goal will be to essentially take over the fediverse by making it the default client that users choose and using it significant resources to scale the adoption of Meta’s application.

Updated 2/20/24, 1:31 p.m. ET to add Mastodon CTO comment

alike attack highlights mastodon pub activity Rival social media spam TwitterX vulnerabilities
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleOnePlus took a three-year “reflective pause” before increasing the battery of its smartwatch
Next Article China’s Moonshot AI Zooms to $2.5B Valuation, Raises $1B for Long-Frame Focused LLM
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Apple is bringing back card payments for Apple Account purchases in India after a four-year hiatus

6 July 2026

WhatsApp now allows you to reserve usernames

5 July 2026

Podcasting platform Riverside is getting into the newsletter game

4 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

7 July 2026

Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

6 July 2026

Station F emerges as a launch pad for Europe’s hottest AI startups

6 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Station F emerges as a launch pad for Europe’s hottest AI startups

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.