Equifax’s website may have been hacked again …seriously http://ift.tt/2x514up

Randy Abrams discovered an error on his credit report this week, through Equifax’s TrustedID, a security service the company offered for free in the wake of a data breach that potentially impacted more than 143 million U.S. adults.

After Abrams determined another credit reporting agency, Experian

EXPN, +0.84%

 had wrongly changed his address on his Experian report, he decided to check his credit report on the Equifax website to be sure his address was correct with the agency.

But he was in for a bad surprise. He soon encountered a mysterious pop-up that he recognized as hackers’ attempt to download malicious software onto his computer, he told MarketWatch in an interview Thursday. (Equifax has since taken the page offline, and removed the third-party vendor.)

Here’s what happened: He visited Equifax’s

EFX, -1.53%

 website and navigated to a link labeled “Credit Report Assistance Overview,” then clicked on a button labeled “Get Started,” under the headline “Other Ways to Obtain a Free or Discounted Credit Report.”

But just as he prepared to fill in his personal information, the site redirected him to what looked like a download of Adobe Flash Player. Fortunately for him, Abrams has worked for decades in the cybersecurity industry and recognized immediately that his computer was under attack. He closed the window, and it was not able to download.

Others might not be so lucky. “This kind of stuff happens all over, every day throughout the world,” Abrams said. Abrams went back onto the website to try to replicate the problem, and he saw the same attempted download multiple times.

This is what appears to have happened: Abrams found out with the help of third-party security experts and a reporter at the publication Ars Technica, is that the pop-up masquerading as an Adobe download was actually a form of cyberattack known as “malvertising.”

Many companies work with third-party analytics or advertising firms that have access to their websites, Abrams said, and hackers could potentially gain access to any website those firms work with. Equifax was probably “an unfortunate conduit” to that type of attack, he said. “It was probably happening to a thousand or more websites throughout the world at precisely the same time.”

It’s possible that hackers specifically targeted Equifax through its third-party partner because the company is seen as weak in the breach of its original attack, said Eric O’Neill, a national security strategist for the security firm Carbon Black. When hackers “sniff vulnerability, they all come calling,” he said.

Don’t miss: Were you impacted by the Equifax breach? You risk financial chaos by doing nothing

A spokeswoman for Equifax said Thursday the company was “aware of the situation” on the company website’s credit report assistance link. “Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline.”

She also confirmed Abrams’s theory that Equifax’s systems were not compromised as they originally were, but said the issue “involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content.”

Abrams made a video on his own website to warn fellow consumers of what such an attack looks like. He said if consumers ever experience an unwanted download while online, they should navigate away from the page they’re on, close their browser if possible, kill the browser in their device’s task manager, or as a last resort, reboot the computer.

Shutting the computer down while the attempted download happens can be another last resort, he said. “The most serious thing is that Equifax has so much traffic coming to it and to that specific link right now,” he said. “If it were another site it would be really serious, but wouldn’t hit as many people.