The company says the security incident lasted nine hours

Dec 17, 2008 15:49 GMT

In a data breach notification sent to the Office of Privacy Protection in Wisconsin, as required by law, CheckFree estimates that as many as 160,000 customers might have been affected in early December, when its domain names were hijacked.

We previously reported that at least two domain names belonging to the popular online bill payment service, CheckFree, pointed to an IP in Ukraine for several hours on December 2nd, after cyber-crooks got access to the Network Solutions account used to maintain the DNS records.

CheckFree offers online bill payment services to millions of customers, directly or through its partners. The incident prompted the company to send notification letters to around 5 million consumers who used the system to pay over 330 types of bills. “The notification letter offers 2 years of free monitoring services,” the company notes.

Customers who attempted to visit the website during the 9-hour period were redirected to a blank page that sought to exploit critical vulnerabilities in version 8 of the Adobe Reader and Acrobat products in order to install malware on their systems. There is still no official explanation of how the Network Solutions account was compromised, but the registrar issued a warning in October regarding an ongoing phishing campaign that targeted its customers.

CheckFree says that it was alerted to the hijack by the unusually low website traffic registered at the time. “CheckFree maintains that personal information was not accessed on their site as a result of this incident,” the entry on the website of Wisconsin's Office of Privacy Protection explains.

Brian Krebs of Security Fix points out that the company's mail exchanger (MX) records were also hijacked, at the same time as the domains. The entry pointed to the same Ukrainian IP on the 2nd of December and had the potential to compromise all e-mail traffic between the company and its customers.

Fortunately, that wasn't the case, as the attackers did not set up a mail server on the rogue IP, either because they didn't think of it or because they were unable to due to server limitations. Mr. Krebs notes that, according to Lori Stafford-Thomas, vice president of external communications at CheckFree's parent company, Fiserv Corp., the Network Solutions logs were checked for this possibility and the conclusion was that the e-mails were not redirected.
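The two signals in this story, A and MX records drifting from a known-good baseline and the traffic drop that tipped off CheckFree, can be turned into a defender-side check. The following is an added example, not code used by CheckFree, Fiserv or Network Solutions; the domain, addresses and record snapshots are constructed.

```python
# Baseline check for hijacked A/MX records plus a traffic-drop heuristic.
# Added example, not code from the article, CheckFree or Fiserv. Snapshots
# are constructed; in practice `observed` comes from periodic resolver queries.
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """A and MX records seen for one domain at one point in time."""
    a: frozenset   # A records as IPv4 strings
    mx: frozenset  # MX records as (priority, target) tuples


def diff_snapshot(domain, baseline, observed):
    """Return alert strings for A or MX records that deviate from baseline.
    Both are checked: registrar access lets one edit redirect web and mail."""
    alerts = []
    new_a = observed.a - baseline.a
    if new_a:
        alerts.append(f"{domain}: A record(s) changed to {sorted(new_a)}")
    if observed.mx != baseline.mx:
        alerts.append(f"{domain}: MX record(s) changed to {sorted(observed.mx)}")
    # An MX target equal to a newly seen A address means mail and web were
    # redirected to the same host, the pattern Krebs described.
    for _, target in observed.mx - baseline.mx:
        if target in new_a:
            alerts.append(f"{domain}: MX now points at the new host {target}")
    return alerts


def traffic_drop(expected_per_hour, observed_per_hour, ratio=0.5):
    """True when traffic is below `ratio` of expected: the signal CheckFree saw."""
    return observed_per_hour < expected_per_hour * ratio


# Constructed sample using documentation-range addresses: 192.0.2.10 stands
# in for the legitimate host and 198.51.100.5 for the rogue one.
BASELINE = Snapshot(a=frozenset({"192.0.2.10"}),
                    mx=frozenset({(10, "mail.example.com.")}))
HIJACKED = Snapshot(a=frozenset({"198.51.100.5"}),
                    mx=frozenset({(10, "198.51.100.5")}))


def run_check(domain="example.com"):
    """Run the comparison on the constructed sample and return the alerts."""
    return diff_snapshot(domain, BASELINE, HIJACKED)
```

Querying from more than one resolver and alerting on NS changes as well would catch registrar-level edits earlier than a traffic dip does.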