Equifax Website Hacked Again, Distributes Fake Adobe Flash Plugin Spreading Malware

Come on, Equifax, you're killing us here. We were already positively dumbfounded when Equifax reported that a security breach had resulted in the personal information of over 140 million Americans -- including Social Security numbers -- being stolen via a website security vulnerability. What was even more unfathomable is that the attack went undetected for months, and that it took a few more months for Equifax to disclose the magnitude of the breach.

Now we're learning that Equifax has done it again. Just when we thought we couldn’t think any less of the company, Randy Abrams, an independent security analyst, discovered that the Equifax website has been hacked again. When visiting the Equifax website to inquire about some rather fishy information that showed up on his credit report, Abrams' browser was redirected to a malicious website that offered to update his version of Adobe Flash Player (which is a much-hated piece of software in its own right).

That's a rather odd "offer" from Equifax, and as it turns out, the website wasn’t offering legit downloads of Flash. Instead, it had been compromised in an effort to spread Adware.Eorezo crapware. According to Ars Technica, Abrams was able to reproduce this behavior on two subsequent trips to the Equifax website.

It's unclear how Equifax was breached with this latest blunder -- hackers could have actually penetrated the website (again) or the site's advertising network could have been compromised. Regardless of HOW it happened, it's still yet another black mark against a company that has very little credibility left in the eyes of the American public.

Former Equifax CEO Richard Smith retired from the company last month following the disclosure of the initial data breach. He leapt to safety with a $90 million golden parachute.