A recent incident involving two well-known financial services companies serves as a reminder to Web developers to be very careful about incorporating third-party code into their websites. Equifax, which has been in the news following a record-breaking data breach, and its rival TransUnion were both recently found to be serving malware from their websites. Some users who visited the companies’ sites saw fake Flash player update notices that would download malware when clicked.
“The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content,” Equifax stated. “Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis.”