Following a report that its consumer-facing website may have been serving up malware to visitors, Equifax — the credit bureau that seems intent on finding every way possible to ruin your day — has pulled some of its web pages offline.
Earlier today, a security researcher shared a recording he made of an Equifax web page redirecting him to malware masquerading as a Flash update.
Ars Technica dug into the details a bit and found enough evidence for “a strong case” that a third-party ad or analytics provider was doing the redirecting.
“In that case, the breach, technically speaking, isn’t on the Equifax website and may be affecting other sites as well,” Ars notes. Still, it’s the latest in a long string of bad looks for Equifax.
And Equifax finally seems concerned, too: in the hours after the first story ran and traveled the web, it has taken down that page altogether. When we took the screenshot at the top of this post around 2:45 p.m., the page still read, “We’re sorry… The website is currently down for maintenance. We are working diligently to better serve you, and apologize for any inconvenience this may cause. We appreciate your patience during this time and ask that you check back with us soon.”
A representative for Equifax issued a statement saying, “We are aware of the situation identified on the equifax.com website in the credit report assistance link. Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”
Malware being served up on the official site is a different problem from the hundreds of fake lookalike scam sites out there pretending to be Equifax, of course; you should avoid those, too.