Checkfree.com hacked: users financial info could be at risk
Filed under: Ripoffs and Scams
According to The Register as reported in the Washington Post, one of the biggest bill-paying sites on the Internet, CheckFree.com, has been hacked, potentially opening up its customers to malware. On Tuesday, December 2nd, customers logging in to pay their bills were apparently redirected to a Ukrainian server which attempted to infect their computer.
A CheckFree spokesperson acknowledged the attack and claimed that the company wrested control back from the hackers by dinnertime the same day. (Update: The CheckFree spokesperson tells me that the problem began in the very early morning of Dec. 2, and by 10:10 a.m. the company had successfully plugged the leak). While CheckFree has not yet finished analyzing the uploaded malware, the spokesperson told the Post that the severity of the infection would be related to the anti-virus software running on the customer's computer and the browser used to access the account.
A researcher for Trend Micro told the Post that the virus was a Trojan horse program designed to obtain the customer's user names and password.
According to CheckFree, almost a third of all Americans now pay bills online. CheckFree accepts payments for hundreds of companies, includes AT&T, Bank of America, Chevron, DIRECTV, and Time Warner. I don't see any Ukrainian companies on the list, though. Yet.
I'm awaiting a return call from Checkfree to learn what actions customers concerned about the security of their data might take, and will update this post as soon as I have this information. The company's published guarantee states that, when notified within two business days of a unauthorized transaction, your liability will be limited to $50. If you pay through CheckFree.com, I'd suggest checking your linked accounts regularly through the day until this situation is resolved.
Addendum: A spokesperson at Fiserv, the parent company of CheckFree, contacted me with details of the company's response to this intrusion. She assured me that the hole in CheckFree's system had been patched promptly, that the company is already notifying affected users, and that those affected will receive free copies of McAfree antivirus software as well as free McAfree scans of their computer and the Deluxe ID Theft Block credit monitoring service. She also clarified the risk; users whose anti-virus program was out of date or who had no anti-virus protection could have been "subject to a malicious software download."
Watching Your Plastic
Shoppers pass Macy's department store which opened at 5:00 a.m. Friday, Nov. 28, 2008 in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
Shoppers pass merchandise while on line to use the escalator at Macy's department store, which opened at 5:00 a.m. Friday, Nov. 28, 2008, in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
Shoppers pass merchandise while on line to use the escalator at Macy's department store, which opened at 5:00 a.m. Friday, Nov. 28, 2008 in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
People shop at Macy's department store which opened at 5:00 a.m. Friday, Nov. 28, 2008, in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
People shop at Macy's department store which opened at 5:00 a.m. Friday, Nov. 28, 2008, in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
Pedestrians and shoppers pass Macy's department store which opened at 5:00 a.m. Friday, Nov. 28, 2008 in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
Cars move past Toys R Us in Times Square which opened at 5:00 a.m. Friday, Nov. 28, 2008 in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
People shop at Toys R Us in Times Square just as the store opened at 5:00 a.m. EST Friday, Nov. 28, 2008 in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
People shop at Toys R Us in Times Square just as the store opened at 5:00 a.m. EST Friday, Nov. 28, 2008 in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
People shop at Toys R Us in Times Square which opened at 5:00 a.m. Friday, Nov. 28, 2008 in New York. The nation's retailers are set to usher in the holiday shopping season Friday with pre-dawn openings, deep discounts and a downright dismal economic outlook that threatens to keep shoppers' credit cards securely in their wallets. (AP Photo/Frank Franklin II)
AP
Reader Comments (Page 1 of 2)
12-07-2008 @ 6:40AM
ROBERT said...
THIS IS ANOTHER EXAMPLE OF LAZINESS ON PART OF ANY COMPUTER OPERATOR. ALL LEGIMATE COMPANIES ALLOW YOU TO PAY YOUR BILLS DIRECTLY FROM YOUR ON LINE BANKING ACCOUNT DIRECT TO THE COMPANY YOU ARE DOING BUSINESS WITH. I WOULD STRONGLY SUGGEST, THAT THOSE VERY FEW COMPANIES WHO ASK YOU TO GO THROUGH CHECK FREE.COM, STOP DOING BUSINESS WITH THEM IMMEDIATELY, AND TELL THEM WHY YOU ARE DOING SO. THEY WILL GET THE MESSAGE REAL FAST, AND THENTHEY WILL HIRE BETTER PROGRAMMERS FOR THEIR COMPANY TO REDO THEIR WEB SITES. ALL TOO MANY COMPANIES HIRE HAMBURGER FLIPPERS TO DO THEIR WEBSITES, CHEAP LABOR, AND GET CHEAP RESULTS, THEREBY ENDANGERING THEIR CUSTOMERS. TELL THEM YOU HAD ENOUGH OF THEM. ANY OIL COMPANY CREDIT CARD SYSTEM THAT WON'T LET YOU PAY YOUR BILL DIRECTLY FROM YOU CHECKING ACCOUNT, YOU DON'T NEED OR DEPARTMENT STORE FOR THAT MATTER. GET CONTROL OF YOUR LIFE AND FINANCES QUICK, AND TELL THE REST OF THEM TO GO STRAIGHT TO HELL.
Reply
12-07-2008 @ 8:09AM
Bobby said...
Hackers are public enemy # 1. I give more credence to a crooked CEO or punk holding up a convenience store. At least they make physical effort to commit a crime. I wish I could find something good to say about society anymore, but even the privacy & convenience of your home is invaded with these cyber thieves.
They should do hard time when caught! As distasteful as OJ is to me, he only tried to steal his once owned possessions back. Cyber thieves steal from millions & ruin their lives forever in some cases!
Reply
12-08-2008 @ 2:16PM
Lisa said...
You are sooooooooooooo right. What happened to the days when everyone was kind and honest to each other and crime was mostly petty. It really is a very very sad world we live in now. Nothing about you or you're home is safe. When you get scammed in real life or online you feel raped,
These online scammers should spend the rest of their lives in prison. After all they have ruined someones life forever so tit for tat. I think our laws for punishment should be a lot stricter maybe then criminals would think a bit harder about commiting a crime.
12-07-2008 @ 8:50AM
Allison said...
On top of the stupidity of people
This is interesting... 5 Retarded Get-Rich Quick Scams (People Still Fall For)
http://www.curiousread.com/2008/10/5-retarded-get-rich-quick-scams-people.html
Reply
12-07-2008 @ 8:01PM
Jen said...
Listen, Robert, if you pay bills online or even via paper, you're really not safe anywhere anymore, genius. I personally use Checkfree for one utility. I am checking NOW to make sure I wasn't on on the second of December because that's how long it took me to reinstate my accounts after having my internet banking invaded and credit cards set up for payment THERE that weren't even ours a month ago! Don't assume you should do this and shouldn't do that if you are being smartest and safest, wise guy. I also pay some things using paper and was also having checks forged. Not sure if it was two separate incidents, that one involving paper fraud, or all part of the same people who invaded my online accounts.
Reply
12-08-2008 @ 7:34PM
JohnBoydStrother said...
McAfee spyware , what a joke. Allow a hacker to get in and redirect communications enstead of shutting the system down. Then offer the affected customers something they either already have or a cheaper version then what they use. McAfee is a cheap anti-virus program. It does not do it's job. There are a few much better programs to use and really just using one program to clean computer is like relaying on 1 wheel brake to stop a car. If it fails, you are doomed.
If I had done business with them, I would expect my transactions to be honored and reimbursted to me along with any late charges. This is what doing business is all about, making sure your customers are covered. Otherwise, you should be put out of business. For you sure are not trust worthly. This shows me that they are NOT Trust Worthly and do Not have use of my money. CAN"T SHUT DOWN A SYSTEM to protect MILLIONS OF CUSTOMERS, but can give out cheap McAfee discs? I think we all been told to bend over and take it.
Reply
12-07-2008 @ 9:10AM
E-Dude said...
Real stupid picture. A black mans head on a white boy body.
Reply
12-07-2008 @ 6:39PM
kim said...
If you look again he has a stocking on his head!
12-07-2008 @ 9:31AM
mrst2328 said...
even more stupid is not realizing the face in the pic has been altered to hide the identity...
12-07-2008 @ 1:07PM
marla said...
I thought he had a panty hose on his head.
12-07-2008 @ 9:47AM
teltech54 said...
As soon as I find out about things like this happening it is very easy to go online to the real site and change your password. When my credit card companies sent me a new credit card because of the TJMaxx and local supermarket hack job I just went on line and changed the password. Better safe than sorry.
Reply
12-07-2008 @ 11:41AM
fin said...
posters #5 & 6
Even more stupid is not noticing that the guy is wearing a black stocking over his head!
(LOL - how old are your monitors????)
Reply
12-07-2008 @ 11:48AM
JAMES FRISK said...
We used to have to worry about local thief's now its the world
Reply
12-07-2008 @ 12:27PM
Tony said...
So at the time of this reading it took 5 DAYS! for me to find this out? Granted I had not signed on during the infected period of time however I changed my password then got onto LIVE CHAT to express my opinion 'not of the security issue' but of the lack of communication with members paying bills online with checkfree. I also stated that I would be changing my service to another because of this lack of communication. I will just use my bank's 'bill pay' for now. It is not the security problem or the break in of servers, this can happen to anyone, it is the lack of communication with all members of steps taken to fix and urging customers to change passwords.
Checkfree has been flawless in my bill paying but I gotta go ;)
Tony
Las Vegas, NV
Reply
12-07-2008 @ 12:43PM
Tony said...
If you sign onto checkfree.com you will notice no email contact just LIVE CHAT. Here is an email link I would urge you all to use to send your opinion of the lack of contact checkfree had with it's customers concerning the security issue on Dec. 2nd.
here is the email link: checkfreebillpay@customercenter.net
Tony
Las Vegas, NV
12-07-2008 @ 12:50PM
ar said...
well I used this website and just happened to have 3 bills that have been paid out of there... and of course .. i got a phone call from my bank on saturday am.. saying that someone hacked into my account and cleaned it out.. not with cash but the charged .. because thru check free.. they get your debit card number and expiration date... i have used this site for 2 years... its just unbelievable... 1700.00 they charged on my debit card... i hope their hands all fall off and they rot in hell...
Reply
12-07-2008 @ 1:36PM
Theresa said...
Here's a tip from my bank which is US Bank. When paying online it is better to use a debit/credit/check card than to enter your bank's routing and acount number info. If your debit/credit/check card is compromised, the banking institution can shut it down immediately and send you a new card and pin number whilke still allowing you to physically go to the bank and access your funds. However, if your routing and account number are stolen or compromised, the bank must shut down your entire account while they investigate. Your funds are, in efffect, frozen. You have no access to them until their investigation is complete which could take weeks. This actually happened to my daughter twice on 2 different accounts. One swiped her card info from an online transaction and used it to purchase drug-related items from a Canadian mail order pharmacy. Her second account from a completely different institution was compromised al a retail shop when she physically swiped her card through the reader. In both instances, she was able to shut down the cards but still have access to her funds by making a physical withdrawal in person at each of the banking institutions. I used to make on-line payments using my bank info because some sites charge a fee (between $3 and $4.95) for using a debit/credit/check card and I absolutely think that is a rip-off. However, even though it really ticks me off to pay a fee, it's better than having the entire account "frozen".
12-07-2008 @ 1:08PM
itm said...
isn't it interesting how such a large number of these hackers always end up being from Russia, Ukraine, Belarus, and other third-world Eastern European countries (yes I do realize that all of these hated geek countries have something in common - they're Slavic). Just a suggestion, but can't they do something productive with their lives instead of just destroy the lives of others?
I mean, it is getting tiresome. Every single time I see a story about hackers or something similar I know that the criminals are from Russia or some other depressing country.
Reply
12-07-2008 @ 1:26PM
Alaine said...
That's rude. The Slavs are a great people, most of these hackers work with or for the mob. There are millions of people living in that area of the world, don't group them together with a small group of computer-hacking mobsters. These guys are not doing this out of boredom--as far as they are concerned, stealing your money is a perfectly productive way to spend their time.
Also, do your research. There are plenty of incidents originating form non-"depressing" countries, especially the US and Britain. You just choose not to remember them.
12-07-2008 @ 1:23PM
Carl said...
I AM WAITING FOR THE DAY SPAMMERS DISCOVER ALL THE ON LINE - OVER THE INTERNET PAYROLL COMPANIES.
I CAN HEAR THEM THINKING.....LET'S SEE, SHOULD I GO AFTER GENERAL MOTORS PAYROLL OR MAYBE, WHAT WAS THE NAME OF THAT BUSINESS? ANYWAY A FEW MIL TODAY WILL HELP THE OLD BANK ACCOUNT.....
Reply