Hackers Hijacked CheckFree.com

Posted on December 5th, 2008 by admin in Domain News | 4 Comments »

Seems like bad things come in multiples. Just as the domain world learned about the hijacking of hundred’s of domain names a few days ago, we learn that CheckFree.com – the large e-bill payment website – had two of its domain names hijacked Tuesday.

The hijackers quickly changed DNS settings of CheckFree.com and MyCheckFree.com to a blank login page on a different IP address that tried to install malicious software on Tuesday morning – before the true owners regained control a few hours later as reported by TheRegistrar. The server the domains were redirected to are believed to be based in Ukraine.

CheckFree spokeswoman Melanie Tolley said that the company suspects the hijackers tried to spread malware via the domain name redirection:

“The degree of exposure to users is dependent on how current their anti-virus software is and what browser they used to connect with,”

It is believed the hackers gained access to CheckFree’s registrar account username and password before changing the DNS settings.

The domain names are registered with Network Solutions and according to NetSol’s spokeswoman Susan Wade, at around 12:30 a.m. Dec. 2, someone logged in using CheckFree’s credentials and changed CheckFree’s DNS servers to point to the IP address in the Ukraine.

“Someone got access to [CheckFree's] account credentials and was able to log in,” Wade said. “There was no breach in our system.”

CheckFree is a huge company that services 24.7 million consumers and among the 330 kinds of bills you can pay through CheckFree are military credit accounts, utility bills, insurance payments, mortgage and loan payments. You can see a full list of companies associated with CheckFree here.

It is a good time people read this post about protecting their accounts from hacking.