Payroll service provider PayChoice shut down its online service for the second time in less than a month on Wednesday in response to another data breach by hackers.
Brian Krebs of Tthe Washington Post reported the breach in his SecurityFix column. PayChoice chief executive Robert Digby confirmed the breach in an email reply to Krebs, saying that the site, Online Employer, was briefly taken offline and reopened with limited functions. As of Friday afternoon, the site was displaying the message, "**Attention** Employee Services is temporarily unavailable."
The company notified clients Thursday after some customers noticed phony employees beinig added to their payroll, according to Krebs.
"After investigation, we determined that valid user credentials for an OoOnline eEEmployer user were used in an unauthorized manner to add these fictitious employees in an attempt to have payments made to fraudulent bank accounts," the company wrotesaid in an e-mail alert to their clients sent Thursday."
This appears to be the second stage in an attack on the site, according to Krebs. Last month, hackers broke into PayChoice's servers and stole customer user IDs and passwords. The attackers included that information in emails to customers, tricking them into downloading malware that would steal their usernames and passwords, in the guise of a browser plug-in which was purportedly needed to continue to have access to the site.
The company told clients that the hackers had exploited a weakness in the site's self-service password change function, which has been shut down until the vulnerability is fixed.