“We were already positively dumbfounded when Equifax reported that a security breach resulted in the personal information of over 140 million Americans — including social security numbers – has been stolen via a website security vulnerability,” Brandon Hill reports for HotHardware. “What was even more unfathomable is that the attack went undetected for months, and that it took a few more months for Equifax to disclose the magnitude of the breach.”
“Now we’re learning that Equifax has done it again. Just when we thought we couldn’t think any less of the company, Randy Abrams, an independent security analyst, discovered that the Equifax website has been hacked again,” Hill reports. “When visiting the Equifax website to inquire about some rather fishy information that showed up on his credit report, Abrams’ browser was redirected to a malicious website that offered to update his version of Adobe Flash Player (which is a much-hated piece of software in its own right).””
Read more in the full article here.
“He was understandably incredulous,” Dan Goodin reports for Ars Technica. “The site that previously gave up personal data for virtually every US person with a credit history was once again under the influence of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo.”
“It’s not yet clear precisely how the Flash download page got displayed. The group-sourced analysis here and this independent assessment from researcher Kevin Beaumont—both submitted in the hours after this post went live—make a strong case that Equifax was working with a third-party ad network or analytics provider that’s responsible for the redirects. In that case, the breach, technically speaking, isn’t on the Equifax website and may be affecting other sites as well,” Dan Goodin reports for Ars Technica. “But even if that’s true, the net result is that the Equifax site was arguably compromised in some way, since administrators couldn’t control the pages visitors saw when trying to use key functions, some which require visitors to enter Social Security numbers.”
Read more in the full article here.
MacDailyNews Take: Equifax is a three-shitter: It’s a shit company with shit management and shit IT personnel.
If there’s any justice in this world, Equifax — who obviously couldn’t even bother to hire qualified IT people who understand how to protect highly sensitive data — will be destroyed over this latest breach by lawsuits, fines, and loss of business due to their blatantly obvious incompetence. — MacDailyNews, September 8, 2017
SEE ALSO:
Equifax victims may face another hassle in buying an iPhone – September 14, 2017
Equifax’s latest breach is very possibly the worst leak of personal info ever – September 8, 2017