Equifax, one of the major credit reporting services in the US, got their system breached by hackers exposing Social Security numbers, addresses, names, and other personal information last May that was only discovered recently. Now, Equifax is under fire again as their website was thought to have been breached last Wednesday infecting its visitors with adware.
For several hours last Wednesday and a few more hours on Thursday, a phishing Adobe update ad was displayed in Equifax’s website. Once a visitor clicks on the ad, an adware called Adware.Eorezo is injected to the user’s computer. What’s more, only three out of 65 antivirus providers can detect the adware.
The phishing ad was first discovered by independent security analyst Randy Abrams. Abrams first encountered the Adware.Eorezo malware when he visited the Equifax website to check on a false credit information he found on his credit report. As he was checking on his credit report, his browser suddenly opened a page that looked like this:
After encountering It, Abrams tried to make the ad appear again even though it was highly unlikely as these phishing ads usually target select number of visitors only and only at once. To his fortune, he was able to encounter the ad again and record a video of it. All the ads redirected to the same centerblueray.info page that asked the visitors to update their Adobe Flash software. Once a user clicks on the install button, the adware is injected into his computer.
It was not clearly known at first how the ad got displayed. The strongest probable angle is with the fact that Equifax was working with a third-party ad network that’s been responsible with the redirect. Favorably for Equifax, this means that the “breach” was not on their website but rather on the ad network. Unfavorably for all of us, this means that this phishing ad is not only present on Equifax’s website but on all the other websites the ad network is working with. You can read more about how the conclusion that Equifax was working with a breached ad network or analytics provider in a group-sourced analysis here and an independent assessment by Kevin Beaumont here.
Abrams directly contacted Equifax regarding this problem and they got back to Abram early Thursday morning. The Equifax representative wrote:
“We are aware of the situation identified on the equifax.com website in the credit report assistance link. Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”
Breaches happen every day. However, not all breaches are being broadcasted in the media as some breaches are just from minor businesses or minor medical facilities. Still, these breaches can affect you a lot as personal information can be stolen by hackers which can be potentially used against you. Check out if any of your accounts have been breached for free at www.loginalarm.com. LoginAlarm checks all breaches, big or small, ensuring that your accounts are safe and secure.