It’s not been a good week for security on Twitter. On Monday we reported on how one of the main Fox News Twitter profiles had been hacked by the Anonymous splinter group Script Kiddies, who used the exploit to send false messages about the death of President Obama. Damagingly for both Fox and Twitter, it took over 10 hours before the messages were removed.
Yesterday, at about 9pm (GMT), the Twitter profile of Paypal UK was also hacked, this time by what appears to be an unhappy customer. The hijacker posted a series of critical messages against the service, and also changed the avatar, bio and the profile URL.
The good news? It only took two hours for somebody to notice, which might just be a new record for Twitter.
Here’s a sample of the tweets. Note the avatar (which was changed twice), and the adjusted bio and URL, which links to (the genuine) PaypalSucks.com.
Another tweet was more specific, and perhaps highlighted the reason for the breach: “PAYPAL FROZE ALL MY MONEY FOR NO REASON. FUCK YOU!”
Paypal UK regained access to their profile a little before midnight GMT, and quickly deleted the offending messages before issuing a response, both on Twitter and to the Sophos security blog, Naked Security.
PayPal UK’s Twitter feed was targeted by hackers tonight. PayPal would like to reassure all customers that PayPal’s UK customer systems and data have not been breached or hacked in any way. There is no link between customer systems and our Twitter account.
As you can imagine, Paypal have been doing damage control all morning.
As Sophos speculates, usually the reason for these hacks is the overuse of common or too-easily guessed passwords. This seems probable in Paypal UK’s case, which of course has led to a lot of egg on face. While their Twitter feed and customer systems are very different beasts, sloppiness in any form of security for what is essentially an online bank is damaging (not to mention the content of the tweets), and this incident certainly won’t enthuse customers who have come to trust and rely on Paypal as a medium for online financial transactions.
(Hacked Paypal tweet images and hat tip: Naked Security.)