You’d think increasing security would be at the top of Equifax’s list of priorities after it was brought to its knees by what could end up being the worst cyberattack in history. Sadly, that doesn’t appear to be the case. The company’s site was reportedly breached yet again on Thursday morning, according to a report from Ars Technica.
Independent security analyst Randy Abrams told Ars he came across an attempt to infiltrate users’ computers using a fake Adobe Flash pop-up. When clicked, the download link would infect a computer with adware that only three of 65 antivirus products could detect.
Abrams stumbled over the alleged adware while checking on his credit report. After clicking his way through the customer service page, he eventually hit a domain named “hxxp//:
Here’s a video uploaded by Ars Technica’s Dan Goodin showing the path Abrams took to reach the domain.
It’s not clear how the ad got there, but many security researchers believe a third party working with Equifax is at fault. Equifax told Ars that it’s aware of the issue and has temporarily taken the page offline.
We are aware of the situation identified on the equifax.com website in the credit report assistance link. Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.
We tried to reach the Flash Player install pop-up ourselves but quickly hit a dead end. “We’re sorry…the website is currently down for maintenance. We are working diligently to better serve you, and apologize for any inconvenience this may cause. We appreciate your patience during this time and ask that you check back with us soon,” it now reads.
If you need to go on Equifax’s website, do yourself a favor and avoid clicking on any random pop-ups or download links.
We’ve reached out to Equifax for more info, and will update this article if we hear back.