Article

Breach forces payroll service provider PayChoice to shut down again

SearchSecuirty.com Staff

Payroll service provider PayChoice shut down its online service for the second time in less than a month on Wednesday in response to another data breach by hackers.

Brian Krebs of Tthe Washington Post reported the breach in his SecurityFix column. PayChoice chief executive Robert Digby confirmed the breach in an email reply to Krebs, saying that the site,

    Requires Free Membership to View

Online Employer, was briefly taken offline and reopened with limited functions. As of Friday afternoon, the site was displaying the message, "**Attention** Employee Services is temporarily unavailable."

The company notified clients Thursday after some customers noticed phony employees beinig added to their payroll, according to Krebs.

"After investigation, we determined that valid user credentials for an OoOnline eEEmployer user were used in an unauthorized manner to add these fictitious employees in an attempt to have payments made to fraudulent bank accounts," the company wrotesaid in an e-mail alert to their clients sent Thursday."

This appears to be the second stage in an attack on the site, according to Krebs. Last month, hackers broke into PayChoice's servers and stole customer user IDs and passwords. The attackers included that information in emails to customers, tricking them into downloading malware that would steal their usernames and passwords, in the guise of a browser plug-in which was purportedly needed to continue to have access to the site.

The company told clients that the hackers had exploited a weakness in the site's self-service password change function, which has been shut down until the vulnerability is fixed.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: