Equifax Hack Again, Now a Redirect to a Fake Flash Update…
The Equifax website has been hacked once again, as per reports…
The probable hacking incident, which could have happened on Wednesday, has been noticed by independent security analyst Randy Abrams. Ars Technica has reported this in a recent post; the report says- “In May credit reporting service Equifax’s website was breached by attackers who eventually made off with social security numbers, names, and a dizzying amount of other details for some 145.5 million US consumers. For several hours on Wednesday the site was compromised again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors’ computers with adware that was detected by only three of 65 antivirus providers.”
Randy Abrams had visited the Experian website to check things after he got information of falsified personal information from TrustedID. Then he just thought of visiting Equifax website and do a casual check; it was then that he noticed the issue.
Randy Abrams writes in his personal blog ‘Security Through Absurdity‘- “I’m really not trying to kick Equifax while they are down. There are already 150 million other people doing that. I just sort of tripped over them…I like Equifax more than Experian. TrustedID gave me the heads up that Experian had falsified personal information in my file. After verifying that Experian did in fact falsify the data (it was due to incompetence and apathy) I decided to see if the misinformation had propagated to Equifax. As I tried to find my credit report on the Equifax website I clicked on an Equifax link and was redirected to a malicious URL. The URL brought up one of the ubiquitous fake Flash Player Update screens.”
The fake Flash Player Update screen was obviously carrying a malware payload. Ars Technica reports that Abrams tried re-checking and found the fake update screens when he checked at least three times consequently. The Ars Technica report says- “Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he’d see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once…Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. “
Reports by both Ars Technica and Mashable suggest that Equifax seems to have taken note of the issue and it has probably been cleared. Ars Technica also hints at the possibility of the hackers having “shut down for the night” and likely to return at will.
The Mashable report observes- “If Equifax’s site was really compromised by hackers, it’s just adding insult to injury for the thoroughly embarrassed company. The first breach, announced Sept. 7, allowed hackers to get away with personal information, including social security numbers, of 145.5 million Americans.”
Both reports, however, state that Equifax hasn’t yet commented on the alleged hacking incident.
Julia Sowells250 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.