WTF: Equifax May Have Been Hacked Again
A couple of days after the Wall Street Journal reported that the massive security breach that compromised sensitive information belonging to about 145.5 million American consumers also included roughly 10.9 million driver's license numbers, word comes that Equifax may have just suffered another hack.
Ars Technica reports that Randy Wilson, an independent security analyst, visited the Equifax site on Wednesday evening to check on what he claims is false information on his credit report. However, when Wilson visited the since-deactivated section of Equifax’s website, he was redirected to the domain hxxp://centerbluray.info, where he was goaded into downloading an Adobe Flash update that was both fake and loaded with malware.
Wilson was also redirected to the bogus Flash download on subsequent visits to the Equifax site, according to Ars Technica.
It’s not yet clear precisely how the Flash download page got displayed. The group-sourced analysis here and this independent assessment from researcher Kevin Beaumont—both submitted in the hours after this post went live—make a strong case that Equifax was working with a third-party ad network or analytics provider that’s responsible for the redirects. In that case, the breach, technically speaking, isn’t on the Equifax website and may be affecting other sites as well. But even if that’s true, the net result is that the Equifax site was arguably compromised in some way, since administrators couldn’t control the pages visitors saw when trying to use key functions, some of which require visitors to enter Social Security numbers.
An Equifax spokesperson later emailed Ars Technica, saying the company’s “IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”