You never ever want a disgruntled employee, customer or competitor or really anyone who should not have access to your Webmaster Tools account to gain access to your Webmaster Tools account.
But it is not all that uncommon for someone to hack into your account either through phishing attempts, using insecure passwords without two-factor authentication or by hacking your web site to become a verified Google Webmaster Tools user.
A Google Webmaster Help thread has one case of such a thing happening. A webmaster said he was notified that a new verified user was added to his Webmaster Tools account via an html file added to his web site, one of the many ways to verify a user to your account. He said he was unaware of who it could be.
The nice thing, Google does notify the other verified users of new users added, so that does alert users of this happening but by then, it may be too late.
Google's John Mueller responded to the webmaster explaining the concerns:
I'm sorry to hear about that! It sounds like someone was able to place a file on you website, in order to get it verified in Webmaster Tools. In this case, I wouldn't primarily worry about Webmaster Tools, but instead make sure that your website is locked down and cleaned up. A hacker could have modified anything on your website, removed content, added malware, added links, or done other malicious things. I'd recommend following the steps on http://www.google.com/webmasters/hacked/ and making sure that you get support (be it from your hosting service, or from someone else who's knowledgeable in this area and that you trust). There's often no simple solution, so make sure that you get help, and that you take the time to go through everything properly.
Web site security is such a big issue these days and it makes me sad to hear about cases like this.
Stay on top of your security and go the extra mile, you never want to look back and say, I should have done X.
Forum discussion at Google Webmaster Help.
