@PayPalUK Twitter account hacked

@PayPalUK, the Twitter account for PayPal in the UK, was hacked tonight and content including changes to their logo was posted. The attackers also posted tweets linking to PayPalSucks.com, an anti-PayPal site, and then devoted the next hour to retweeting every complaint they could find about PayPal on Twitter.

It’s worth noting that Twitter is an inherently insecure site with a simple user name/password combination to log in. Whilst it’s deeply embarrassing for PayPal to have their account compromised, they aren’t the first and almost certainly won’t be the last high-profile account to be hacked. As an aside, the PayPal Twitter account is obviously totally unconnected to the main PayPal site, and PayPal and their customers’ accounts are safe.

PayPal have apologised on Twitter saying “We apologise for the bad language and childish nature of tweets that came from this account at the time”. They also said of their Twitter account “This account was hacked earlier. We have it in our control now. Your personal data is still 100% safe, hack occurred on Twitter not PayPal”.

Of course every cloud has a silver lining – it looks like PayPal have gained in excess of 1000 new Twitter followers during the course of this evening’s hack. Now that they have regained control of the account, the increase in Twitter followers has to be a nice bonus after what must have been a very fraught evening for those who run the PayPal Twitter account.

4 Responses

  1. When that shopping website was hacked into earlier in the year (I can’t remember their name now), they offered Paypal as the sole payment gateway.

    On my website I offer more than one payment gateway, so hopefully this will only affect eBay.

  2. I think the important thing here is that this is a Twitter hack, not a Paypal hack. In fact, it’s one of a long list of Twitter account take-overs (think Fox News last week) which have been going on, and is media-interest, but of little operational consequence for anyone doing business and using Paypal.

    I don’t know how the attack was made, but as Chris observes it’s just a simple password that is required so a dictionary attack, a phish or a social attack might do it, with no need for anything more sophisticated.

    Twitter could improve its security and at least have some form of account recovery in place for take-overs (particularly of verified accounts with large numbers of followers) — much as eBay has its Live Help for account take-overs: one of the most accessible and fastest acting parts of the customer service team.

    It is possible for users to make attacks harder by having complex non-dictionary passwords which are embedded in client software rather than known to users, but the blame for this overall vulnerability lies at Twitter’s door.
