Equifax may have been hacked again and it's not even funny anymore

2025-04-27 21:22:24admin

UPDATE(1:30 p.m. ET): Updated to include Equifax statement.

Equifax, the credit rating reporting agency that exposed personal data of nearly 150 million people, appears to have been hacked -- again.

The (probable) hack was noticed by security researcher Randy Abrams and first covered by Ars Technica. While visiting Equifax's website, Abrams noticed that some pages redirect to a site offering a fake, malware-bearing Flash update.

SEE ALSO: Turns out the Equifax hack was even more gigantic

Hijacking some pages on a hacked site to target visitors is a common tactic amongst malicious hackers. Often, you won't see the malware-infested links on every page, and nothing else on the site will indicate that something's wrong. But click on the link, and boom -- your computer is infected.

Abrams was able to reproduce the behavior several more times, and even took a video (below).

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

I was unable to reproduce this behavior in several browsers and from several IP addresses on my computer, and according to Ars Technica, Abrams, too, didn't see it in recent visits to the site. It's possible that Equifax took back control of the site, or that the hackers removed or changed the malicious code on the site.

If Equifax's site was really compromised by hackers, it's just adding insult to injury for the thoroughly embarrassed company. The first breach, announced Sept. 7, allowed hackers to get away with personal information, including social security numbers, of 145.5 million Americans. "We continue to take numerous steps to review and enhance our cybersecurity practices," interim CEO Paulino do Rego Barros, Jr. said in the original press release.

UPDATE: Equifax confirmed Thursday afternoon it is investigating the potential breach and has taken the affected website offline.

In a statement to Mashable, Equifax said, “We are aware of the situation identified on the equifax.com website in the credit report assistance link. Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”

UPDATE: Oct. 13, 2017, 8:16 a.m. UTC In a subsequent email, Equifax confirmed to Mashablethat, while the issue is real, its systems were not compromised.

"The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content. Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis," a spokesperson said.

Featured Video For You

Hundreds of new emoji are coming with iOS 11.1