Equifax insists web portal has not been compromised

The credit rating agency has pushed back on claims of a second cyberattack.
Written by Charlie Osborne, Contributing Writer

Equifax has taken down a customer support page on its website amid concerns that a second compromise has taken place, but insists this is not the case.

A website page affected by a third-party vendor has been removed out of "an abundance of caution," but according to the credit rating agency, the Equifax website is still operational and has not been the subject of a second cyberattack.

Equifax is still dealing with the aftermath of a vast data breach, which led to the theft of personal, sensitive information belonging to roughly 145.5 million US citizens, as well as at least 693,000 UK residents and Canadian individuals.

Earlier this week, Ars Technica reported that security researcher Randy Abrams visited the website on Wednesday to check his credit report, only to find, on multiple visits, fake Flash download requests which installed the crapware Adware.Eorezo.

In a video posted to YouTube, the researcher documents malvertising attempting to lure users to download the MediaDownloaderIron.exe payload, a highly obfuscated adware bundle.

On analysis, the malicious download appears to have been the result of a third-party advertising network which allowed malicious ads to slip through the net -- which means that the payload was not truly hosted on the Equifax domain, but wormed its way in through an external partner.

"We are aware of the situation identified on the equifax.com website in the credit report assistance link. Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline," Equifax told the publication. "When it becomes available or we have more information to share, we will."


The credit rating agency later told the BBC that the company was able to "confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal."

Malvertising is a constant problem for ad networks and the web domains which rely on them to generate revenue to keep websites operational.

On occasion, threat actors are able to bid for and secure an advertising spot on a legitimate domain, but embed malicious links or code in the advert -- and because of the trust conferred by the legitimate domain, visitors may be more likely to believe the ad is trustworthy and therefore click through or download malicious software.

If malvertising is at fault, there is little that Equifax could have done, and it was up to the ad network to vet its customers. As a result, the website is simply added to the list of legitimate victims of this practice, which also includes the Daily Mail, Yatra, and the Huffington Post.

Earlier this month, former Equifax CEO Richard Smith, who resigned following the security debacle, admitted that responsibility "starts at the top" for the situation and that he was ultimately at fault for a data breach which should "not have happened on his watch."
