Payroll Site Hacked, Employment Numbers Swell: Via Threat Level.

A payroll processing firm that was breached by hackers last month is warning customers about a new breach, after some clients noticed phantom employees popping up on their payrolls.

New Jersey-based PayChoice sent a message to customers Thursday indicating that thieves appeared to have stolen customer login IDs and passwords by exploiting a vulnerability in the website feature for changing a password, WashingtonPost.com reports. PayChoice said it disabled the change password feature until it could fix the vulnerability.

The company discovered the problem after some of its payroll customers noticed bogus employee names being added to their payroll lists, in an attempt to get the companies to pay those “employees” through bank accounts controlled by the fraudsters.

The incident follows a breach in late September that resulted in hackers absconding with the account information of firms using its online payroll product.

In a Sept. 28 e-mail sent to customers, PayChoice indicated that the hackers had obtained e-mail addresses as well as login IDs and at least parts of passwords for account holders using the OnlineEmployer.com web site.

The hackers used the information for a phishing attack, sending targeted e-mail to the customers in an attempt to trick them into relinquishing the remainder of their passwords. The e-mails indicated that the customers needed to download a plug-in to continue using PayChoice’s OnlineEmployer web site. The plug-in, however, was actually a password-stealing Trojan.

PayChoice shuttered the site temporarily after discovering the initial attack, and forced customers to change their passwords. But it appears that implementation resulted in an additional vulnerability.

In addition to its payroll processing service, PayChoice produces an online payroll management system used by 240 other payroll processing firms,

See also:

• Payroll Firm Breached — Online Customers Targeted

Read Original Article:(Via Threat Level.)