Checkfree.com hacked: users financial info could be at risk
Filed under: Ripoffs and Scams
According to The Register as reported in the Washington Post, one of the biggest bill-paying sites on the Internet, CheckFree.com, has been hacked, potentially opening up its customers to malware. On Tuesday, December 2nd, customers logging in to pay their bills were apparently redirected to a Ukrainian server which attempted to infect their computer.
A CheckFree spokesperson acknowledged the attack and claimed that the company wrested control back from the hackers by dinnertime the same day. (Update: The CheckFree spokesperson tells me that the problem began in the very early morning of Dec. 2, and by 10:10 a.m. the company had successfully plugged the leak). While CheckFree has not yet finished analyzing the uploaded malware, the spokesperson told the Post that the severity of the infection would be related to the anti-virus software running on the customer's computer and the browser used to access the account.
A researcher for Trend Micro told the Post that the virus was a Trojan horse program designed to obtain the customer's user names and password.
According to CheckFree, almost a third of all Americans now pay bills online. CheckFree accepts payments for hundreds of companies, includes AT&T, Bank of America, Chevron, DIRECTV, and Time Warner. I don't see any Ukrainian companies on the list, though. Yet.
I'm awaiting a return call from Checkfree to learn what actions customers concerned about the security of their data might take, and will update this post as soon as I have this information. The company's published guarantee states that, when notified within two business days of a unauthorized transaction, your liability will be limited to $50. If you pay through CheckFree.com, I'd suggest checking your linked accounts regularly through the day until this situation is resolved.
Addendum: A spokesperson at Fiserv, the parent company of CheckFree, contacted me with details of the company's response to this intrusion. She assured me that the hole in CheckFree's system had been patched promptly, that the company is already notifying affected users, and that those affected will receive free copies of McAfree antivirus software as well as free McAfree scans of their computer and the Deluxe ID Theft Block credit monitoring service. She also clarified the risk; users whose anti-virus program was out of date or who had no anti-virus protection could have been "subject to a malicious software download."
Watching Your Plastic
Shoppers pass Macy's department store which opened at 5:00 a.m. Friday, Nov. 28, 2008 in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
Shoppers pass merchandise while on line to use the escalator at Macy's department store, which opened at 5:00 a.m. Friday, Nov. 28, 2008, in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
Shoppers pass merchandise while on line to use the escalator at Macy's department store, which opened at 5:00 a.m. Friday, Nov. 28, 2008 in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
People shop at Macy's department store which opened at 5:00 a.m. Friday, Nov. 28, 2008, in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
People shop at Macy's department store which opened at 5:00 a.m. Friday, Nov. 28, 2008, in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
Pedestrians and shoppers pass Macy's department store which opened at 5:00 a.m. Friday, Nov. 28, 2008 in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
Cars move past Toys R Us in Times Square which opened at 5:00 a.m. Friday, Nov. 28, 2008 in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
People shop at Toys R Us in Times Square just as the store opened at 5:00 a.m. EST Friday, Nov. 28, 2008 in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
People shop at Toys R Us in Times Square just as the store opened at 5:00 a.m. EST Friday, Nov. 28, 2008 in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
People shop at Toys R Us in Times Square which opened at 5:00 a.m. Friday, Nov. 28, 2008 in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
Recent Posts
- Live, from Walt Disney World, it's the Obamabot! (7/03/2009)
- Ukraine outlaws possession of porn, but can't define what it is (7/03/2009)
- Taken for a ride: 5 clever ways theme parks bleed you for extra (7/03/2009)
- Ask the Dolans: Is now the time to start my own business? (7/03/2009)
- Five Fabulous Finds: Stuffed pizza rolls, blizzards and ice cream sundaes...free! (7/03/2009)

Reader Comments (Page 1 of 2)
12-07-2008 @ 6:40AM
ROBERT said...
THIS IS ANOTHER EXAMPLE OF LAZINESS ON PART OF ANY COMPUTER OPERATOR. ALL LEGIMATE COMPANIES ALLOW YOU TO PAY YOUR BILLS DIRECTLY FROM YOUR ON LINE BANKING ACCOUNT DIRECT TO THE COMPANY YOU ARE DOING BUSINESS WITH. I WOULD STRONGLY SUGGEST, THAT THOSE VERY FEW COMPANIES WHO ASK YOU TO GO THROUGH CHECK FREE.COM, STOP DOING BUSINESS WITH THEM IMMEDIATELY, AND TELL THEM WHY YOU ARE DOING SO. THEY WILL GET THE MESSAGE REAL FAST, AND THENTHEY WILL HIRE BETTER PROGRAMMERS FOR THEIR COMPANY TO REDO THEIR WEB SITES. ALL TOO MANY COMPANIES HIRE HAMBURGER FLIPPERS TO DO THEIR WEBSITES, CHEAP LABOR, AND GET CHEAP RESULTS, THEREBY ENDANGERING THEIR CUSTOMERS. TELL THEM YOU HAD ENOUGH OF THEM. ANY OIL COMPANY CREDIT CARD SYSTEM THAT WON'T LET YOU PAY YOUR BILL DIRECTLY FROM YOU CHECKING ACCOUNT, YOU DON'T NEED OR DEPARTMENT STORE FOR THAT MATTER. GET CONTROL OF YOUR LIFE AND FINANCES QUICK, AND TELL THE REST OF THEM TO GO STRAIGHT TO HELL.
Reply
12-07-2008 @ 8:09AM
Bobby said...
Hackers are public enemy # 1. I give more credence to a crooked CEO or punk holding up a convenience store. At least they make physical effort to commit a crime. I wish I could find something good to say about society anymore, but even the privacy & convenience of your home is invaded with these cyber thieves.
They should do hard time when caught! As distasteful as OJ is to me, he only tried to steal his once owned possessions back. Cyber thieves steal from millions & ruin their lives forever in some cases!
Reply
12-08-2008 @ 2:16PM
Lisa said...
You are sooooooooooooo right. What happened to the days when everyone was kind and honest to each other and crime was mostly petty. It really is a very very sad world we live in now. Nothing about you or you're home is safe. When you get scammed in real life or online you feel raped,
These online scammers should spend the rest of their lives in prison. After all they have ruined someones life forever so tit for tat. I think our laws for punishment should be a lot stricter maybe then criminals would think a bit harder about commiting a crime.
12-07-2008 @ 8:50AM
Allison said...
On top of the stupidity of people
This is interesting... 5 Retarded Get-Rich Quick Scams (People Still Fall For)
http://www.curiousread.com/2008/10/5-retarded-get-rich-quick-scams-people.html
Reply
12-07-2008 @ 9:10AM
E-Dude said...
Real stupid picture. A black mans head on a white boy body.
Reply
12-07-2008 @ 6:39PM
kim said...
If you look again he has a stocking on his head!
12-07-2008 @ 9:31AM
mrst2328 said...
even more stupid is not realizing the face in the pic has been altered to hide the identity...
12-07-2008 @ 1:07PM
marla said...
I thought he had a panty hose on his head.
12-07-2008 @ 9:47AM
teltech54 said...
As soon as I find out about things like this happening it is very easy to go online to the real site and change your password. When my credit card companies sent me a new credit card because of the TJMaxx and local supermarket hack job I just went on line and changed the password. Better safe than sorry.
Reply
12-07-2008 @ 11:41AM
fin said...
posters #5 & 6
Even more stupid is not noticing that the guy is wearing a black stocking over his head!
(LOL - how old are your monitors????)
Reply
12-07-2008 @ 11:48AM
JAMES FRISK said...
We used to have to worry about local thief's now its the world
Reply
12-07-2008 @ 12:27PM
Tony said...
So at the time of this reading it took 5 DAYS! for me to find this out? Granted I had not signed on during the infected period of time however I changed my password then got onto LIVE CHAT to express my opinion 'not of the security issue' but of the lack of communication with members paying bills online with checkfree. I also stated that I would be changing my service to another because of this lack of communication. I will just use my bank's 'bill pay' for now. It is not the security problem or the break in of servers, this can happen to anyone, it is the lack of communication with all members of steps taken to fix and urging customers to change passwords.
Checkfree has been flawless in my bill paying but I gotta go ;)
Tony
Las Vegas, NV
Reply
12-07-2008 @ 12:43PM
Tony said...
If you sign onto checkfree.com you will notice no email contact just LIVE CHAT. Here is an email link I would urge you all to use to send your opinion of the lack of contact checkfree had with it's customers concerning the security issue on Dec. 2nd.
here is the email link: checkfreebillpay@customercenter.net
Tony
Las Vegas, NV
12-07-2008 @ 12:50PM
ar said...
well I used this website and just happened to have 3 bills that have been paid out of there... and of course .. i got a phone call from my bank on saturday am.. saying that someone hacked into my account and cleaned it out.. not with cash but the charged .. because thru check free.. they get your debit card number and expiration date... i have used this site for 2 years... its just unbelievable... 1700.00 they charged on my debit card... i hope their hands all fall off and they rot in hell...
Reply
12-07-2008 @ 1:36PM
Theresa said...
Here's a tip from my bank which is US Bank. When paying online it is better to use a debit/credit/check card than to enter your bank's routing and acount number info. If your debit/credit/check card is compromised, the banking institution can shut it down immediately and send you a new card and pin number whilke still allowing you to physically go to the bank and access your funds. However, if your routing and account number are stolen or compromised, the bank must shut down your entire account while they investigate. Your funds are, in efffect, frozen. You have no access to them until their investigation is complete which could take weeks. This actually happened to my daughter twice on 2 different accounts. One swiped her card info from an online transaction and used it to purchase drug-related items from a Canadian mail order pharmacy. Her second account from a completely different institution was compromised al a retail shop when she physically swiped her card through the reader. In both instances, she was able to shut down the cards but still have access to her funds by making a physical withdrawal in person at each of the banking institutions. I used to make on-line payments using my bank info because some sites charge a fee (between $3 and $4.95) for using a debit/credit/check card and I absolutely think that is a rip-off. However, even though it really ticks me off to pay a fee, it's better than having the entire account "frozen".
12-07-2008 @ 1:08PM
itm said...
isn't it interesting how such a large number of these hackers always end up being from Russia, Ukraine, Belarus, and other third-world Eastern European countries (yes I do realize that all of these hated geek countries have something in common - they're Slavic). Just a suggestion, but can't they do something productive with their lives instead of just destroy the lives of others?
I mean, it is getting tiresome. Every single time I see a story about hackers or something similar I know that the criminals are from Russia or some other depressing country.
Reply
12-07-2008 @ 1:26PM
Alaine said...
That's rude. The Slavs are a great people, most of these hackers work with or for the mob. There are millions of people living in that area of the world, don't group them together with a small group of computer-hacking mobsters. These guys are not doing this out of boredom--as far as they are concerned, stealing your money is a perfectly productive way to spend their time.
Also, do your research. There are plenty of incidents originating form non-"depressing" countries, especially the US and Britain. You just choose not to remember them.
12-07-2008 @ 1:23PM
Carl said...
I AM WAITING FOR THE DAY SPAMMERS DISCOVER ALL THE ON LINE - OVER THE INTERNET PAYROLL COMPANIES.
I CAN HEAR THEM THINKING.....LET'S SEE, SHOULD I GO AFTER GENERAL MOTORS PAYROLL OR MAYBE, WHAT WAS THE NAME OF THAT BUSINESS? ANYWAY A FEW MIL TODAY WILL HELP THE OLD BANK ACCOUNT.....
Reply
12-07-2008 @ 2:04PM
itm said...
Well geez, you think I am going to worry about being rude to people who steal money from others? (btw good going supporting those thieves by saying 'stealing your money is a perfectly productive way to spend their time.' Any more comments like that and cyber-crimes will become acceptable in the eye of the public. We need to punish them for their crimes and not feel sorry for em.) These crimes are totally under-rated compared to some unarmed, uneducated little tribes running around in Afghanistan.
As for the comment on Slavs, it is a realistic observation. I know there have been many hackers from countries like the US, UK, France, Germany, etc. But, when you look at the overall picture (say years and years of hearing about computers being hacked on the news - and not just American news, but also news in Europe) you will notice that a majority are from Eastern Europe. I think it can be pin-pointed to Slavic countries because there are also non-Slavic countries in that region and they don't have these problems (e.g. Hungary or Romania). Furthermore, look at the ratio of productivity towards crimes. The US, for example, has produced so much technology and been a great benefit to the rest of the world (regardless of Bush's 8 years in office). What have Russians done for the world? They just stormed in with tanks across much of Europe, raped women, and kill men like the wild nomads they were 1000 years ago.
Oh, in case you didn't know, here's a surprising fact: Russia has more crimes than the US (even though the media chooses to ignore the everyday crimes going on in Russia because more eyes are on the US - with great power comes great responsibility). Then also compare how much other crimes are common in Eastern Europe - child porn, slave trade, drug trade (everyone will tell you to be careful in the streets of those countries because drugs and kidnappings are common there).
and on the contrary, I'd say that these guys have resulted to cyber crime exactly because they are bored!!! (poor is a better word though)! Its is poorer countries that result more easily to crime and desperate measures. Look at whats happening in the US, more and more people are being targeted by scams claiming to offer great jobs because there are so many people out there now desperate for jobs (in case you haven't noticed, search: job cuts) that they don't think twice that the strange email offering an easy and high-paying job is actually a rip-off that will steal money from their account once they cash the check or whatever the spam promises. In some of those countries (Russia, Ukraine, Slovakia, the Czech Republic) drug trade is an everyday activity to make some money so why not cyber crime. (For example, so many people in CR and Slovakia go to Ukraine (where drugs are cheaper), buy drugs, and sell them for a higher price in their home countries, whether it is CR or Slovakia).
It goes again with being poor. Without dealing drugs and stealing money, how can those people survive with paychecks that are just $500/month (and many things such as electronics, cars, food are more expensive there than in the USA, where btw people make $3500/month). just think about it.
In Europe people have many problems with these countries (Russia, Ukraine, Serbia, Slovakia, Czech Republic, Belarus, Poland resp.). It is not just the West that dislikes these countries.
As for research, I have lived in Europe and been to Eastern Europe many times. How about you?
12-07-2008 @ 1:50PM
JIM said...
I have a better idea, Why don't ALL of you people that pay bills online go back to making out a check and mailing it to them. You may have to make out the check a week early and waste time to mail it But that is safer than all this on line stuff. People are getting lazy and wait tell the last minute to take care of business. If it wasn't for people like you the dumb a$$ lazy crooks have have to think of some other way to make money instead of working like most of us has to do. All of the stores that like the online payment it is better for them the money is in there account faster and then they can ship the data input over seas were they pay somebody $3.00 per day. That is takeing jobs from USA if you send a Check it HAS to be input in the USA they for more jobs HERE. GET THE PICTURE DE TA DE AND DAAAAAA.
Reply