Quick question for the community: Over the past few days, has anyone noticed unusual follower activity? I'm talking about sudden spikes with accoun...
Some comments have been hidden by the post's author - find out more
For further actions, you may consider blocking this person and/or reporting abuse
I saw it before too dev.to/olgabraginskaya/whos-really...
Thank you Olga. Your investigation is way way way more detailed than mine and I appreciate your time put into it.
Exactly, literally after every 5-6th shorts in facebook, I was following a profile which i never knew about. BUT the interesting thing is we can't unfollow those, the unfollowing button is not working, it appears to be "Follow" but after 2-3 secs again it shows following.
I’ve seen that too — some of the bot accounts following me can’t be removed at all. When I try to unfollow or remove them, the profile redirects to a 404 page, which makes me think the accounts are already dead/removed on the backend but still stuck in the follower list. Definitely not normal behavior.
Platform vendors buys accounts such as DEV accounts, to falsely inflate "engagement". I've been offered likes, accounts, and comments for as little as $1, on all major platforms. I tell them to f**k off of course, but I assume not everybody is as honest as me ...
Thomas, you’re a legend for this response. Thanks for being real about how messy the engagement market is
Actually Yes i have !! And i have reported it to Jess and Ben but they are really trying from their side to stop this . But again the attackers are finding new ways i guess.
Thanks for sharing that — it actually helps knowing this isn’t just happening on my end.
Totally appreciate that Jess, Ben, and the rest of the team are actively fighting this. Attackers always adapt, and I get how tough that is on the platform side.
Hey — this is really insightful and kind of alarming. Your analysis makes a lot of sense, and the way you’re using heuristics (username entropy, account age, engagement signals) is smart. I’ve seen similar odd spikes — accounts with zero activity and default avatars are definitely red flags.
A few thoughts / suggestions:
Also: you raised a great question — should we even care about follower counts if they’re so easy to game? My take: yes, especially on a developer platform. For people building in security, data, or research, those vanity metrics can feel misleading and even risky.
Thanks for flagging this early — it helps the community stay vigilant. 🙏
github.com/GnomeMan4201/devto-bot-...
devto-bot-audit scans your Dev.to followers and flags accounts based on behavioral signals and profile entropy. No cookies or browser automation required — just your API key.
Note: Before posting about this publicly, I did try to raise the issue privately with the Dev.to team. I’m sharing this tool now to support others who may be seeing similar patterns and want visibility into what’s happening on their own profiles.
It’s not a silver bullet — but it’s a step toward transparency. If you’ve noticed a spike in inauthentic followers, this will give you the raw data.
I've seen this before.
I assume most of my followers are bots from a wave a few years ago.
Yeah, I don't want to be a maintainer these days. It's a lot of work to fight them off.
On the other hand Dev.to did a good job in preventing shit posts. I feel there are less low quality AI Posts (or they got wayyy better). Also there are less spam posts. I like that.
Will keep a lookout for this pattern. Only have about 7 followers and the 2 I recently gained look legit. I also think it’s important to blow the whistle when discovered, so this doesn’t turn into X.
Thanks for keeping an eye out — that’s exactly what I’m hoping more people do.
Even if someone only has a handful of followers, small anomalies are often the earliest signal something larger is happening in the background.
My spike wasn’t just sudden — it has a pattern:
zero-post accounts
generic usernames
default profile pics
all created within a very tight timeframe
That’s why I figured it was better to raise the flag early rather than let it quietly snowball the way X did.
If more of us call out weird patterns as they happen, Dev.to has a better chance of catching things before they become systemic. Authenticity is what makes this place valuable — especially for people building real work and reputations here.
Appreciate you chiming in
If anyone's curious, here are some of the actual signals platforms use to detect coordinated automation (from a security research perspective):
I'm not saying DEV implements all of these—just that these are signals mature platforms monitor. Given the follower spike several of us experienced, it raises some interesting questions about detection gaps.