PayPal UK’s Twitter account was taken over last night by a disgruntled customer who took the opportunity to post a few choice words about the company.
For two hours, the company’s followers were treated to a series of tweets including “PAYPAL FROZE ALL MY MONEY FOR NO REASON, FUCK YOU!”, and “PAYPAL CAN FREEZE YOUR FUNDS FOR NO REASON, DO NOT USE PAYPAL!!”
The hacker also reposted critical tweets from other customers and changed the picture on the account.
After a couple of hours, PayPal changed its password and regained control of the account, deleting the offending tweets. It points out that customer data wasn’t affected.
“This account was hacked earlier. We have it in our control now. Your personal data is still 100% safe, hack occurred on Twitter not PayPal,” says the company.
“We apologise for the bad language and childish nature of tweets that came from this account at the time.”
Security expert Chester Wisniewski of Sophos suggests that the hack was probably made possible by carelessness over passwords.
“Most social networks were designed for use by individuals and don’t offer enterprise-grade security options with granular permission controls,” he says.
“If the password is shared with enough people, someone will misplace it or use something ‘everyone can remember’.”
Organizations should be particularly careful at the moment, he says: with the large numbers of usernames and passwords that have been recently disclosed, many people are trawling around in search of companies that reuse passwords on multiple sites.