Equifax has taken down a webpage that provided credit score report help, a spokesperson told Gizmodo. The move follows a report that the page was directing visitors to install fake Adobe Flash updates containing adware.
“We’re conscious of the state of affairs recognized on the equifax.com web site within the credit score report help hyperlink,” the spokesperson said. “Our IT and Safety groups are looking into this matter, and out of an abundance of warning have quickly taken this web page offline. When it becomes available or we’ve extra data to share, we are going to.”
The help page, which could be used to obtain a copy of one’s credit score report, was replaced with a message claiming that the site was under maintenance after security researcher Randy Abrams discovered the problem.
“We’re working diligently to better serve you, and apologize for any inconvenience this will trigger. We respect your persistence throughout this time and ask that you simply check back with us quickly,” the page informs users, without any mention of the fact that earlier visitors to the page may have been tricked into installing adware.
Abrams shared his findings with Ars Technica and demonstrated them in a video. When Abrams clicked the link to obtain a copy of his credit score report, he was instead directed to download a fake version of Flash that contained a file that security companies like Symantec and Webroot flag as adware.
It’s possible that the adware is being served not by Equifax’s website itself but rather by an ad platform or analytics provider used by the company. Either way, it’s just more bad news for Equifax, which announced a massive hack in September that resulted in the loss of personal information for 143 million people. This month, Equifax said it had found that another 2.5 million people were affected by the breach and raised that total to 145.5 million.
If the massive data loss wasn’t enough, Equifax was warned about the vulnerability that led to the hack but failed to patch it, and has struggled to inform affected users. [Ars Technica]