PayPal UK Twitter account hacked, apparently by angry customerHack is second high-profile hack of the week against Twitter accounts, showing weakness of single-password process for critical accounts.
A disgruntled customer appears to have taken control of PayPal UK’s Twitter account and has used it to complain about the service in a series of angry tweets on the service.
The person, who has not given any clue to their identity, has put out a series of tweets complaining that PayPal froze their account and seeking to embarrass the company by linking to paypalsucks.com, which says it is “an anti paypal site exposing the nightmare of doing business ‘the paypal way’.” It is not known whether the customer has any link to paypalsucks.com, which was first registered in 2000 and has remained under the same owner since.
A spokesman for PayPal UK said that the company is looking into what happened but emphasised that it was only the Twitter account, and not any of the sensitive customer systems with credit card or other data that had been breached. Twitter accounts are protected by a simple password which can sometimes be guessed or stolen and means that the service can be accessed by anyone with that password.
Earlier this week the Twitter account of Fox News politics was hacked by a group with links to the Anonymous hacker collective, and used to falsely claim that Barack Obama had been assassinated.
One was to prevent such account hacking would be to introduce “two-factor authentication” to certain accounts. That would require anyone who tried to log in from a different computer, or after a specific delay, to get an authentication code sent from Twitter to a mobile phone, or use a preset code. The Guardian has asked Twitter whether it plans to introduce this, though so far without response.
Ebay-owned PayPal has more than 100m credit card accounts.
Update 10.10pm: Twitter has suspended the PayPal UK account.