Equifax Website Hacked Again, Distributes Fake Adobe Flash Plugin Spreading Malware
Now we're learning that Equifax has done it again. Just when we thought we couldn’t think any less of the company, Randy Abrams, an independent security analyst, discovered that the Equifax website has been hacked again. When visiting the Equifax website to inquire about some rather fishy information that showed up on his credit report, Abrams' browser was redirected to a malicious website that offered to update his version of Adobe Flash Player (which is a much-hated piece of software in its own right).
That's a rather odd "offer" from Equifax, and as it turns out, the website wasn’t offering legit downloads of Flash. Instead, it had been compromised in an effort to spread Adware.Eorezo crapware. According to Ars Technica, Abrams' was able to reproduce this behavior on two subsequent trips to the Equifax website.
To see a video of the malware campaign in action, check out the site below:
It's unclear how Equifax was breached with this latest blunder -- hackers could have actually penetrated the website (again) or the site's advertising network could have been compromised. Regardless of HOW it happened, it's still yet another black mark against a company that has very little credibility left in the eyes of the American public.
Former Equifax CEO Richard Smith retired from the company last month following the disclosure of the initial data breach. He leapt to safety with a $90 million golden parachute.