PayPal UK Twitter Feed Hacked In Customer Protest

PayPal’s UK Twitter feed is back to normal after a disgruntled user peppered it with insults

Online payment service PayPal has restored its UK division’s Twitter feed after a disaffected customer hacked it and posted a stream of insults.

At 8.20pm last night the @PayPalUK Twitter feed was taken over, apparently by a user with a grudge against the service, who posted a series of negative tweets. The firm says its main websites and commerce systems were unaffected;  the take-over also seems to have no link to other recent actions by hacktivists, who have attacked the sites of companies including Apple, and hit PayPal with a denial of service attack last year when it withdrew services to the online whistleblower WikiLeaks. ,

Twitter normality resumed

Last night, the hacked account posted links to the “gripe site” PayPalsucks.com which collects customer complaints and provides information on a class saction lawsuit against the firm. The feed’s profile was altered to include the PayPal sucks logo, and the tag line “The official twitter account for the fail team at PayPal UK”.

The attacker presumably simply guessed the  password to the feed; by about midnight, the password was changed, and the feed restored, with the message “This account was hacked earlier. We have it in our control now. Your personal data is still 100% safe, hack occurred on Twitter not PayPal”.

Since then, @PayPalUK has been re-assuring users, one at at time. The feed’s followers have apparently increased by at least 1000, and currently stand at 17,000. Worldwide, PayPal has over 240,000 customers.

Hacking Twitter is easy

Hacking Twitter accounts appears to be an easy way to create major embarassment for companies. Earlier this week, Fox News’ Twitter feed announed the assassination of President Obama when a prankster took it over.

That hack was apparently carried out by a group called ‘Script Kiddies’, which claims to be associated with AntiSec – the combined campaign of notorious hacker groups Anonymous and Lulzsec who have waged a campaign to expose and ridicule security errors.