Equifax removes part of its website following discovery of adware-loaded Flash update
A third-party analytics vendor was to blame
By Rob Thubron
As if facing numerous lawsuits, a damaged reputation, and a US Justice Department criminal investigation wasn't bad enough, it briefly looked as if Equifax's website had suffered another breach yesterday. But the company says the problem came from a third-party vendor and that its systems were not compromised --- again.
The credit reporting firm is still dealing with the fallout from the data breach that affected over 143 million US consumers. When security researcher Randy Abrams told Ars Technica he was being redirected to hxxp//:centerbluray.info when visiting Equifax.com to check his credit report, it appeared as if another hack had taken place.
The site Abrams landed on consisted of a fake Flash installer that downloads what Symantec calls Adware.Eorezo, a piece of adware that bombards Internet Explorer with ads and may install browser toolbars and other similar unwanted programs.
Thinking he was unlikely to be redirected to the site more than once, Abrams revisited Equifax.com several times. He was taken to the fake Flash installer on at least three subsequent visits.
Soon after the report was published, Equifax put out the following statement: "We are aware of the situation identified on the equifax.com website in the credit report assistance link. Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will."
Later, confirming what some researchers had suspected, Equifax said that its website hadn't been breached. The issue involved a third-party vendor the company used to track website data. Its code was serving up the malicious content, and Equifax has since removed it from the site.
"Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal," the company said.