Equifax has taken down a webpage after a visitor reported being targeted with malicious advertising.
Security analyst Randy Abrams first discovered the malicious pop-up message when he visited the Equifax website to confirm personal data, he told CNN Tech. What he found instead was yet another security issue for the credit agency.
A malicious pop-up asked Abrams to download something claiming to be Adobe Flash. But as Ars Technica initially reported, security companies consider the file adware.
“We are aware of the situation identified on the equifax.com website in the credit report assistance link,” an Equifax spokesperson said in an email. “Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline.”
It’s the latest security issue for the credit agency after hackers stole data on more than 145 million people through an unpatched hole in the company’s software. Equifax announced the massive security breach last month. Federal and state agencies are now probing the hack.
The adware appeared on a part of the Equifax website where people can learn how to get a free or discounted credit report. As of Thursday afternoon, that website is no longer available.
“The website is currently down for maintenance,” a note on the page says. “We are working diligently to better serve you, and apologize for any inconvenience this may cause. We appreciate your patience during this time and ask that you check back with us soon.”
Abrams says he was able to duplicate the pop-up four or five times, but that Equifax itself was likely not hacked.
“Equifax was a portal and probably not directly hacked or compromised,” he said.
Experts say the security issue may be a result of a third-party analytics or advertising company used by Equifax displaying the adware. Many websites use analytics companies to track people who visit their sites.
Consumers should never click on pop-ups that unexpectedly ask them to download software. This type of adware could hijack their browser, serve up fraudulent search results, and lead to more pop-up ads.