[need2sleep]

Since when is it ok to publish this without a single shred of evidence to support the dude's claims?

Laughable to say the least.

Dude probably got owned locally.

[tyingq]

Just tried http://www.equifax.com/fcra myself...it redirects to obviously shady sites, right now.

Edit: Currently it's doing it only for specific client user agents. Try an android one. This javascript is driving part of it: https://a248.e.akamai.net/f/248/5462/3h/hints.netflame.cc/se...

Edit: Found the bad bits. They are here: https://aa.econsumer.equifax.com/aad/uib/js/fireclick.js

See the part that starts with document.write()

Edit: maybe a red herring. Sure looks shady though.

[ballenf]

What's the stack used for the real https version? I got redirected there (I guess malware doesn't like Safari desktop or uBlock origin saved me) and felt like I fell through a time warp to 2007 (update: 2004, in actuality) with the form Equifax presents. So much low-res skeuomorphism I almost got nostalgic.

Not necessarily related to the security issues, just curious.

Edited to add: The site has a Copyright of 2004. None of the JS tools are later than that. Is this really the current site in use? Unchanged for 13 years... wow. Would be sorta cool, you know, if it wasn't completely hacked.

[RainaRelanah]

Not at all, the site is definitely compromised. Someone posted a link[0] that when I opened on mobile is redirecting to a malware site. Confirmed on two separate Android devices running 7.1 + Chrome.

[0] https://news.ycombinator.com/item?id=15456533

[didgeoridoo]

Want evidence? Click the link. Unless realcasinoslots.com is a creative new revenue stream for Equifax, the site has been hijacked.

[ceejayoz]

> Unless realcasinoslots.com is a creative new revenue stream for Equifax...

I'm not sure if that'd increase or decrease their sleaze factor.

[eradicatethots]

Maybe I’m not aware but I’m pretty used to just trusting large news outlets with good credibility on things like this