hacked: users financial info could be at risk


According to The Register as reported in the Washington Post, one of the biggest bill-paying sites on the Internet,, has been hacked, potentially opening up its customers to malware. On Tuesday, December 2nd, customers logging in to pay their bills were apparently redirected to a Ukrainian server which attempted to infect their computer.

A CheckFree spokesperson acknowledged the attack and claimed that the company wrested control back from the hackers by dinnertime the same day. (Update: The CheckFree spokesperson tells me that the problem began in the very early morning of Dec. 2, and by 10:10 a.m. the company had successfully plugged the leak). While CheckFree has not yet finished analyzing the uploaded malware, the spokesperson told the Post that the severity of the infection would be related to the anti-virus software running on the customer's computer and the browser used to access the account.

A researcher for Trend Micro told the Post that the virus was a Trojan horse program designed to obtain the customer's user names and password.

According to CheckFree, almost a third of all Americans now pay bills online. CheckFree accepts payments for hundreds of companies, includes AT&T, Bank of America, Chevron, DIRECTV, and Time Warner. I don't see any Ukrainian companies on the list, though. Yet.

I'm awaiting a return call from Checkfree to learn what actions customers concerned about the security of their data might take, and will update this post as soon as I have this information. The company's published guarantee states that, when notified within two business days of a unauthorized transaction, your liability will be limited to $50. If you pay through, I'd suggest checking your linked accounts regularly through the day until this situation is resolved.

Addendum: A spokesperson at Fiserv, the parent company of CheckFree, contacted me with details of the company's response to this intrusion. She assured me that the hole in CheckFree's system had been patched promptly, that the company is already notifying affected users, and that those affected will receive free copies of McAfree antivirus software as well as free McAfree scans of their computer and the Deluxe ID Theft Block credit monitoring service. She also clarified the risk; users whose anti-virus program was out of date or who had no anti-virus protection could have been "subject to a malicious software download."