Site   Web

October 13, 2017

Latest Equifax Hack Takes Users to Bogus Flash Update Page

Consumer credit reporting agency Equifax has been hacked — again.

Spotted by independent security analyst Randy Abrams, the latest hack hit Equifax’s website Oct. 11. Anyone visiting the site received a prompt to update their Flash Player. Those that did so ended up installing adware to their computer.

“As I tried to find my credit report on the Equifax website I clicked on an Equifax link and was redirected to a malicious URL. The URL brought up one of the ubiquitous fake Flash Player Update screens,” Abrams wrote in a blog post.

“Seriously folks. Equifax has enough on their plate trying to update Apache. They are not going to help you update Flash. I know that nobody is surprised at my find, but watching Equifax is getting to be like watching a video of United Airlines “deplaning” a passenger… It hurts.”

The video below shows the malicious Flash Player update in action:

As PC Mag pointed out, only three anti-virus providers — PandaSymantec, and Webroot — actually detected the adware on the Equifax site.

So those using other providers who did not see the prompt as suspicious ended up a victim of the latest hack.

Equifax last month admitted to a massive security breach in which hackers gained access to sensitive client information — including Social Security numbers, birth dates, addresses and, even some driver’s license numbers — of 143 million people. The attack occurred from mid-May through July of this year and is under currently investigation by the authorities.

Clearly Equifax is not taking system security seriously, despite its recent woes which, presently, go down as one of the biggest breaches in U.S. history.


Jennifer Cowan is the Managing Editor for SiteProNews.