11 December 2017
visit www.aciworldwide.com

First Direct falls foul of Twitter hack

26 February 2010  |  17572 views  |  3 call centre Customer assitant

First Direct's love affair with social media took a cold bath last night when the UK online bank's Twitter account was hacked and used to send pornographic messages to followers.

First direct's 800+ followers found an unusually passionate message from the bank when they opened their Twitter accounts Friday morning.

The tweet, posted at 05.30 read: 'hey, I've been having better sex and longer with this here', and pointed to a link to a third party site.

The attack is part of a viral malware infection that has spread like wildfire across Twitter, with other high-profile UK victims including Cabinet Minister Ed Milliband and the Press Complaints Commisssion.

The bank resumed control of its account during business hours with the following message: 'Hi all, I'm sure you can tell, but we were hacked last night - please disregard any inappropriate tweets that purport to come from us!'

This was followed by a slightly panicky clarification: 'Re. previous Tweet I just want to clarify that only our Twitter account has been hacked!!! We've changed our password so all should be well.'

Which prompted a third message: 'no password issues, it was a link in a DM. No customer / personal data has been compromised. Sorry for any offense caused.'

First Direct is so far the only UK bank to openly embrace the micro-blogging service, and it has won plaudits and applause in social media circles for its willingness to engage with customers in a Web 2.0-connected environment.

The UK bank's misfortunes come just a week after Westpac provided an example of the potential pitfalls of Twitter when an employee accidentally posted a self-pitying tweet using the firm's official account, prompting scorn from followers.

Comments: (3)

A Finextra member
A Finextra member | 01 March, 2010, 09:27

Your story - like most reporting of this incident - uses the term 'hacked' which I think is misleading.

To be 'hacked' implies that your account has been attacked from the outside without any action from you. In reality, what happened here is that the Twitter users affected were the victims of so-called 'phishing': They were sent a link which they then clicked on. This took them to a page which looked like a Twitter log-in page but in fact had been set-up by the ‘phishers'. The victims then voluntarily entered their usernames and passwords. As a result, their accounts were compromised.

My concern here is that social media like Twitter is being portrayed as somehow inherently less secure than the rest of the Internet. It's not. As long as people use the same level as care with their social media passwords as they would their online banking or email passwords, they'll be just as safe.

I'm not belittling the incident - it's serious either way - but I do think it's important to distinguish 'hacked' from 'duped'.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Paul Penrose
Paul Penrose - Finextra - London | 01 March, 2010, 11:28

First direct has posted a blog explaining how it got duped and apologising for its own response: "We tweeted quickly out of a desire to re-assure people and perhaps should have gone straight to the third of our three tweets. We should have got an apology up sooner, and we probably shouldn't have used the word "hack". Twice."


Rather than fretting over the use and abuse of the 'h' word, I'd be rather more concerned that first direct could so easily fall victim to such an elementary social engineering/phishing scam.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 01 March, 2010, 11:40

Seems to me that the bank's Twitter account has indeed be hacked as the subsequent phishing messages have been sent the bank's name and apparently just to those 800+ people listed as "followers" of the bank. So this is not the typical widely distributed phishing spam usually coming from botnets.

While in this instance it was very easy to determine that this message is very unlikely to be originated by the bank, better phishing attempts might be more effective and could indeed result in serious fraud. So this is just another reminder that anything on the web is potentially unsecure, that the web's trustworthyness is pretty limited and at this time, unreasonably high efforts are required to establish a reasonable level of trust.

I'd believe that it would be up to the industry to change this - just delegating the risk to the general public is pretty unfair as the vast majority has not enough knowledge about the perils and can't be expected to become experts. Even those who are experts are just firefighting in a hare-and hedgehog race and are not really able to thwart cybercrime.    

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

'Oh so very over it today' tweets Westpac

'Oh so very over it today' tweets Westpac

18 February 2010  |  14302 views  |  1 comments
Barclays Stockbrokers taps social media for investor info platform

Barclays Stockbrokers taps social media for investor info platform

08 December 2009  |  7601 views  |  0 comments
First direct dares to share what customers think of it

First direct dares to share what customers think of it

13 October 2009  |  17412 views  |  1 comments
ING Direct sets up bank fee comparison Twitter stream

ING Direct sets up bank fee comparison Twitter stream

02 July 2009  |  7835 views  |  0 comments
First direct unveils social media newsroom

First direct unveils social media newsroom

19 June 2009  |  10127 views  |  0 comments
Wells Fargo taps Twitter

Wells Fargo taps Twitter

27 March 2009  |  13114 views  |  1 comments
Bank of America taps Twitter

Bank of America taps Twitter

16 January 2009  |  11943 views  |  1 comments | 1 tweets
Phishers target Twitter

Phishers target Twitter

06 January 2009  |  8880 views  |  0 comments
First direct launches customer community site

First direct launches customer community site

21 November 2008  |  7741 views  |  0 comments
First direct launches online chat service

First direct launches online chat service

19 August 2005  |  14440 views  |  0 comments

Related company news


Related blogs

Create a blog about this story (membership required)
visit http://info.nice.comvisit www.atos.netvisit www.solutions.lexisnexis.com

Top topics

Most viewed Most shared
Revolut lets customers buy Bitcoin, Litecoin and EthereumRevolut lets customers buy Bitcoin, Liteco...
18244 views comments | 26 tweets | 22 linkedin
Saxo Bank's 'Outrageous Prediction': Bitcoin to peak at $60k next year before spectacular crashSaxo Bank's 'Outrageous Prediction': Bitco...
11148 views comments | 7 tweets | 7 linkedin
Deutsche Bank paper hails 'huge' blockchain potentialDeutsche Bank paper hails 'huge' blockchai...
7111 views comments | 13 tweets | 21 linkedin
Santander UK poaches Barclays innovation chief Michael HarteSantander UK poaches Barclays innovation c...
6506 views comments | 8 tweets | 17 linkedin
Barclays, First Direct and Nationwide join FCA sandbox cohortBarclays, First Direct and Nationwide join...
5905 views comments | 5 tweets | 12 linkedin

Featured job

London, UK (or flexible)

Find your next job