Brian Krebs reports:
Hackers last week apparently used stolen account information from a New Jersey company that provides online payroll services to target the firm’s customers in a scheme to steal passwords and other information.
[…]
Unlike typical so-called “phishing” scams — which are sent indiscriminately to large numbers of people in the hopes that some percentage of recipients are customers of the targeted institution — this attack addressed PayChoice customers by name in the body of the message. The missives also included reference to each recipient’s onlineemployer.com user name and a portion of his or her password for the site.
In a statement e-mailed to Security Fix, PayChoice said the company discovered on Sept 23 that its online systems had been breached. The company said it immediately shut down the onlineemployer.com site and instituted fresh security measures to protect client information, such as requiring users to change their passwords.
Read more on Security Fix