Wired Magazine
October 16, 2009
By Kim Zetter
A payroll-processing firm that was breached by hackers last month is warning customers about a new breach, after some clients noticed phantom employees popping up on their payrolls.
New Jersey-based PayChoice sent a message to customers Thursday indicating that thieves appeared to have stolen customer login IDs and passwords by exploiting a vulnerability in the website feature for changing a password, WashingtonPost.com reports. PayChoice said it disabled the change-password feature until it could fix the vulnerability.
The company discovered the problem after some of its payroll customers noticed bogus employee names being added to their payroll lists, in an attempt to get the companies to pay those “employees” through bank accounts controlled by the fraudsters. more …
