Equifax removes part of its website following discovery of adware-loaded Flash update


TechSpot Editor
Staff member

As if facing numerous lawsuits, a damaged reputation, and a US Justice Department criminal investigation wasn’t bad enough, it briefly looked as if Equifax’s website had suffered another breach yesterday. But the company says the problem came from a third-party vendor and that its systems were not compromised — again.

The credit reporting firm is still dealing with the fallout from the data breach that affected over 143 million US consumers. When security researcher Randy Abrams told Ars Technica he was being redirected to hxxp//:centerbluray.info when visiting Equifax.com to check his credit report, it appeared as if another hack had taken place.

The site Abrams landed on consisted of a fake Flash installer that downloads what Symantec calls Adware.Eorezo, a piece of adware that bombards Internet Explorer with ads and may install browser toolbars and other similar unwanted programs.

Thinking he was unlikely to be redirected to the site more than once, Abrams revisited Equifax.com several times. He was taken to the fake Flash installer on at least three subsequent visits.

Soon after the report was published, Equifax put out the following statement: “We are aware of the situation identified on the equifax.com website in the credit report assistance link. Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”

Later, confirming what some researchers had suspected, Equifax said that its website hadn’t been breached. The issue involved a third-party vendor the company used to track website data. Its code was serving up the malicious content, and Equifax has since removed it from the site.

"Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal," the company said.

Permalink to story.


Uncle Al

TS Evangelist
It just gets better and better ..... next thing they'll find hidden camera's in the visitors bathroom!


TS Evangelist
Why do you need ads in a financial website. Even my bank website does not host 3rd party ads. Ads are vectors for hackers to do malicious things. Given the monopoly in credit monitoring I dont see why you need 3rd party services for tracking if you value privacy.


How have these clowns not been arrested and the company liquefied? If an actual person screwed up even fractionally bad as this they'd be looking at a fine and maybe some jailtime. If corporations are people then drag them into court.