Breach forces payroll service provider PayChoice to shut down again

PayChoice, a payroll service provider, took its service offline for the second time in a month in response to a data breach

Payroll service provider PayChoice shut down its online service for the second time in less than a month on Wednesday in response to another data breach by hackers.

Brian Krebs of Tthe Washington Post reported the breach in his SecurityFix column. PayChoice chief executive Robert Digby confirmed the breach in an email reply to Krebs, saying that the site, Online Employer, was briefly taken offline and reopened with limited functions. As of Friday afternoon, the site was displaying the message, "**Attention** Employee Services is temporarily unavailable."

The company notified clients Thursday after some customers noticed phony employees beinig added to their payroll, according to Krebs.

"After investigation, we determined that valid user credentials for an OoOnline eEEmployer user were used in an unauthorized manner to add these fictitious employees in an attempt to have payments made to fraudulent bank accounts," the company wrotesaid in an e-mail alert to their clients sent Thursday."

This appears to be the second stage in an attack on the site, according to Krebs. Last month, hackers broke into PayChoice's servers and stole customer user IDs and passwords. The attackers included that information in emails to customers, tricking them into downloading malware that would steal their usernames and passwords, in the guise of a browser plug-in which was purportedly needed to continue to have access to the site.

The company told clients that the hackers had exploited a weakness in the site's self-service password change function, which has been shut down until the vulnerability is fixed.

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close