[DigitalToday reporter Jinju Hong (홍진주)] Bluesky deleted 8,526 state-involved influence-manipulation accounts over the past year.

On May 28 local time, online media outlet Gigazine reported that Bluesky carried out the measures over the year since May 2025 and said it deleted 4,907 accounts since January 2026 alone.

The pace of deletions also picked up. Bluesky explained that the removal speed in 2026 rose to about twice the 2025 level. In most cases, it deleted accounts within hours of the first post, and said it kept average pre-deletion views to about 50.

The influence operation was often carried out by hijacking existing accounts rather than using newly created ones. Bluesky said influence actors operated by taking over existing accounts, and explained that many victim accounts were old dormant accounts. It added that there were also cases in which active accounts were hijacked.

The hijacking route was not a breach of Bluesky's own systems. Bluesky said the account takeovers did not appear to have been carried out through attacks on its systems, but looked like unauthorised logins using credentials leaked in other data breaches in the past. That means reuse of externally leaked information, rather than an internal service vulnerability, was the main cause.

Bluesky accordingly also presented account-security guidelines. It recommended that users use a strong Bluesky-only password that is not reused across other services, use password manager programs and enable two-factor authentication. It was a measure aimed at warning that reusing the same password across multiple services could allow previously leaked information to be abused again.

It also explained how to set up two-factor authentication. Users can go to the privacy and security item in the settings menu and turn on the feature by pressing "Enable" next to two-step verification (2FA). Bluesky recommended using the feature as a basic response to reduce account-hijacking damage.

The disclosure shows that Bluesky's response to influence operations is tied to account security issues, rather than simply deleting posts. It also shows that as state-involved influence accounts were abused regardless of whether they were dormant or active, both the platform's detection speed and users' security management have become important.

Bluesky said it responded within hours of first posts and lowered average views to 50, but as this year's deletions increased to 4,907, related measures are likely to keep being strengthened. In this situation, user security settings, particularly whether two-factor authentication is applied, are emerging as a key means to reduce account abuse.