Be Afraid, Be Very Afraid.



If you’ve ever dealt with the PayMaxx online payroll service, you need to get a credit report on yourself ASAP! Here is the story from news.com.

“Aaron Greenspan, a former PayMaxx customer, said he discovered the alleged problems in the company’s system more than two weeks ago, after he received notification from the company that his W-2 tax form was available online for download and printing. The link to access the W-2 included an ID number, and he wondered whether the company had protected against an obvious security problem: adding one to the ID number to get the next form. Instead of being denied access, Greenspan found that another person’s W-2 was downloaded and readable. Sequential, rather than randomized, ID numbers made it easy to call up numerous customers’ data. The hole could have allowed employees at PayMaxx’s clients to access more than 25,000 W-2 forms for last year and the W-2 forms for years back to 2000, he said. He said his investigation revealed that PayMaxx’s database contained a record for testing purposes that contained a Social Security number of 000-00-0000 and a password of all zeros. That could allow anyone to log into the site and then use the lack of authentication to sequentially download all the W-2 forms, Greenspan said. ‘Anyone could have been exploiting these security issues for years, and no one would have known about it,’ he said.”
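The missing control described in the quote is a server-side ownership check on every form request. The sketch below is an added example, not PayMaxx code and not part of the news.com story; the record layout, account names and function names are all assumptions made up for illustration.

```python
import secrets

# Constructed sample records: form id -> (owner account, form contents).
FORMS = {
    1001: ("alice", "W-2 for alice"),
    1002: ("bob", "W-2 for bob"),
    1003: ("carol", "W-2 for carol"),
}
DENIED = {}  # account -> list of form ids it was refused


def fetch_unchecked(account, form_id):
    """The flawed pattern: any logged-in account gets whatever id it asks for."""
    record = FORMS.get(form_id)
    return record[1] if record else None


def fetch_checked(account, form_id):
    """Return the form only when the session's account owns it."""
    record = FORMS.get(form_id)
    # Same answer for "missing" and "not yours", so replies do not reveal which ids exist.
    if record is None or record[0] != account:
        DENIED.setdefault(account, []).append(form_id)
        return None
    return record[1]


def looks_like_enumeration(account, threshold=2):
    """Flag an account whose refused ids include a run of consecutive numbers."""
    ids = sorted(set(DENIED.get(account, [])))
    run = best = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best >= threshold


def new_form_token():
    """Unguessable identifier for links; complements the ownership check, does not replace it."""
    return secrets.token_urlsafe(16)
```

Recording refusals also addresses the last point in the quote: without such a log, nobody can tell afterwards whether the ids were ever walked.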

Also read about Bank of America Losing 1 Million Customer records.

About geeknews

Todd Cochrane is the Founder of Geek News Central and host of the Geek News Central Podcast. He is a Podcast Hall of Fame Inductee and was one of the very first podcasters in 2004. He wrote the first book on podcasting, and did many of the early Podcast Advertising deals in the podcasting space. He does two other podcasts in addition to Geek News Central: The New Media Show and Podcast Legends.