First Direct’s Twitter Sex Hack Attack

February 26, 2010 by Chris Skinner

Everywhere I go these days, I see ads for following businesses on Facebook and Twitter. The latest was down at the local winebar where they have this ad on the counter:

Facebook Bar

GET DISCOUNTS IF YOU FOLLOW US ON FACEBOOK!!!!

Works for me.

Apparently, some 27% of UK SMEs use social media to connect with customers according to a survey by Virgin Media and other studies show that the fastest growing companies are those using social media to communicate.

And yet, apart from First Direct, I still can't find a blog, facebook or twitter button on any mainstream bank website in the UK.

Mind you, it may be that banks are waiting until social media's issues are resolved before they dive in. For example, here's a direct tweet I received from First Direct this morning:

First Direct_11

Maybe that's the reason that most banks are onthe fence about social media, as they are waiting until the hackers and underware issues are resolved before they jump into the fray.

That also makes sense to me.

UPDATE
13:00 26th February

First Direct have clarified what happened and yes, they were hacked!

First Direct_12

UPDATE 2

19:00 26th February 2010

First Direct posted an apology on their website:

If you're reading this you're probably aware that at 5 am this
morning first direct's Twitter account
was hijacked and used to spam our followers. We'd like to apologise for
the message itself (no need to repeat it) and for the way we dealt with
it in the first instance.

We would like to offer you some explanation for our actions...

How did it happen?

This morning (about 00.30 am) we received a rather salacious Tweet
from one of our followers (their account had been hijacked too) and
whilst checking it out proceeded to read the other direct messages we'd
received. One direct message was from a trusted source it read "ha ha
is this you?" and included a link which we unthinkingly clicked on.

We
can confirm that our Twitter password is extremely secure (a long
string of randomised characters, and regularly changed), and the only
reason they were able to gain access to our account was through the
mistake we made. Obviously we changed our password as soon as we
realised what had happened (and we have revoked the OAuth access of the
spam generator), so our account is secure again.

Why did we respond the way we did?

We tweeted quickly out of a desire to re-assure people and perhaps
should have gone straight to the third of our three tweets. We should
have got an apology up sooner, and we probably shouldn't have used the
word "hack". Twice.
We've now put steps in place to make sure it
doesn't happen again.

Have any other first direct accounts been
tampered with?

Absolutely not. This was an isolated incident affecting our Twitter
account only.

Final word

This is new to us and to the financial services sector as a whole. We
made a mistake, fixed it as soon as possible and we're taking steps to
ensure it doesn't happen again. We're very sorry, but we are only human
afterall.

TechnologyCategories

Chris M Skinner

Chris Skinner is best known as an independent commentator on the financial markets through his blog, TheFinanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News. To learn more click here...