For several hours on Wednesday, and again early Thursday morning, Equifax’s website was apparently breached again.
This latest malicious modification to the company’s site is intended to deliver fake Adobe Flash updates, which when clicked, infect visitors’ computers with adware. Only three of 65 antivirus companies – Panda, Symantec, and Webroot – were initially able to detect the latest security risk.
— BGR.com (@BGR) October 12, 2017
Thursday’s apparent breach is the second major disruption to Equifax in less than six months. In May, the credit reporting service’s website was hit by attackers who eventually made off with Social Security numbers, names, and other details. The total estimated impact of that breach is approximately 145.5 million U.S. consumers.
Ars Technica reported: “The move came after an independent security analyst on Wednesday found Equifax’s website was under the control of attackers trying to trick visitors into installing fraudulent Adobe Flash updates that could infected computers with malware.”
An Equifax representative said in a statement, “We are aware of the situation identified on the equifax.com website in the credit report assistance link. Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”