A new meme on Twitter where users tweet out their “Twitter Family Tree” has secretly been allowing a shady website’s API to access your account and follow other accounts without your knowledge.
A website called roundyear.fun became popular amongst many Twitter users for its tool that shows you your “Twitter Family Tree”, which is actually just a few of your most interacted accounts in a family tree diagram. More specifically, one user discovered the true origin of the accounts that appear in your family tree:
- Parents: Top 2 accounts with the most likes from you.
- Spouse: Most interacted account.
- Children: Two accounts in your recent replies.
While it sounds fun and cute, it’s really a scam to gain control of your Twitter account without you knowing. When you visit the website, a prompt asks you to sign in with your Twitter account, with an option to “post a tweet with your result” automatically selected.
Once you log in and grant access to your Twitter account, the Twitter family tree website is allowed to:
- See Tweets from your timeline (including protected Tweets) as well as your Lists and collections.
- See your Twitter profile information and account settings.
- See accounts you follow, mute, and block.
- Follow and unfollow accounts for you.
- Update your profile and account settings.
- Post and delete Tweets for you, and engage with Tweets posted by others (Like, un-Like, or reply to a Tweet, Retweet, etc.) for you.
- Create, manage, and delete Lists and collections for you.
- Mute, block, and report accounts for you.
This is concerning on many levels and an immediate security threat for anyone who’s fallen victim to this scam. What appears to be happening is this website is following accounts from your account and then muting them so you don’t see them on your feed. This is a sneaky way to take control of a Twitter account without the user suspecting anything fishy has happened. There’s also the risk that more actions could be taken in the future and this is just the start.
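One way to check an account for the follow-then-mute pattern described above, as an added example that is not from the original article. It assumes the account's Twitter data archive stores follows and mutes as a JavaScript assignment followed by a JSON array (data/following.js and data/mute.js); the function names and sample account IDs are constructed for illustration.

```python
import json

# Constructed sample data. The layout (a JavaScript assignment followed by a
# JSON array, as in data/following.js and data/mute.js) is an assumption about
# the Twitter data archive format; the account IDs are made up.
SAMPLE_FOLLOWING = """window.YTD.following.part0 = [
  {"following": {"accountId": "1001", "userLink": "https://twitter.com/intent/user?user_id=1001"}},
  {"following": {"accountId": "1002", "userLink": "https://twitter.com/intent/user?user_id=1002"}},
  {"following": {"accountId": "1003", "userLink": "https://twitter.com/intent/user?user_id=1003"}}
]"""
SAMPLE_MUTE = """window.YTD.mute.part0 = [
  {"muting": {"accountId": "1002", "userLink": "https://twitter.com/intent/user?user_id=1002"}},
  {"muting": {"accountId": "1003", "userLink": "https://twitter.com/intent/user?user_id=1003"}},
  {"muting": {"accountId": "2001", "userLink": "https://twitter.com/intent/user?user_id=2001"}}
]"""


def load_accounts(text, record_key):
    """Map accountId -> userLink for every record in one archive file."""
    start = text.find("[")
    if start == -1:
        raise ValueError("no JSON array found in archive file")
    records = json.loads(text[start:].rstrip().rstrip(";"))
    accounts = {}
    for record in records:
        entry = record.get(record_key) or {}
        if "accountId" in entry:
            accounts[str(entry["accountId"])] = entry.get("userLink", "")
    return accounts


def followed_and_muted(following_text, mute_text, expected=()):
    """Return accounts that are both followed and muted, minus any the owner
    remembers muting on purpose (expected)."""
    following = load_accounts(following_text, "following")
    muted = load_accounts(mute_text, "muting")
    suspect = (following.keys() & muted.keys()) - set(expected)
    return {account_id: following[account_id] for account_id in sorted(suspect)}


if __name__ == "__main__":
    for account_id, link in followed_and_muted(SAMPLE_FOLLOWING, SAMPLE_MUTE).items():
        print(f"review follow + mute: {account_id} {link}")
```

Accounts that are followed but hidden by a mute are the ones to review and unfollow after the app's access has been revoked.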
A website called Affinitweet offers a similar, non-shady API that lets users play fun games and learn interesting stats about their account. In 2020, they brought Round Year Fun’s tactics to light, so this Twitter family tree trend is not the first time Round Year Fun has abused Twitter users’ privacy and account security.
What’s likely happening here is what’s called a “mega” in social media growth circles. Normal people looking to grow their Twitter account in unconventional and often sketchy ways will pay a service or media growth agency to help them gain followers. This service is often untruthful or secretive about how it grows your account, using tactics such as this to gain you real followers.
“Help! I did this. How do I secure my Twitter account from Twitter Family Tree?”
Luckily, if you’re reading this article you still have time to save your account and stop allowing Round Year Fun to have access. Here is a tweet that goes through the instructions on how to secure your Twitter account by revoking its access in settings:
It’s important to learn that these often fun-sounding Twitter and Facebook games are usually schemes to collect data or control your social media accounts for someone else’s benefit. It’s good practice to look up a trend such as this before taking part, and to read what access you’re granting a website to your Twitter account.