Fast Company's Website Hacked, With The Hacker Sending Offensive Push Notifications Through Apple News

28/09/2022

Just like most news publications on the internet, the news agency Fast Company uses Content Management System to manage the creation and modification of its digital content.

And this time, its website was hacked by a hacker, the outlet admitted.

Following this breach, the hacker sent racist posts to Fast Company's Apple News account that "are vile and are not in line with the content and ethos of Fast Company."

To contain the breach and prevent further damage, Fast Company took an extraordinary step, which is to shut down its entire website.

Fast Company hacked

Initially, visiting Fast Company's website returned a 404 error. A few days later, the website was updated to show the following message:

"Fast Company's content management system was breached Tuesday evening. As a result, two obscene and racist push notifications were sent to our followers in Apple News about a minute apart. The messages are vile and are not in line with the content and ethos of Fast Company. Tuesday's breach follows an apparently related event that occurred Sunday afternoon on FastCompany.com, when an unknown actor (or actors) posted similar language on the site's home page and other pages. Fast Company regrets that such abhorrent language appeared on our platforms and in Apple News, and we apologize to anyone who saw it before it was taken down. We immediately retained a leading global incident response and cybersecurity firm and together are investigating the situation. We have shut down FastCompany.com until the situation is resolved."

"While we work on the site, we will be continuing to publish news and analysis on our social channels: LinkedIn, Facebook, Instagram, Twitter and TikTok."

As for Apple, the tech titan also addressed the situation.

The company confirmed that Fast Company's website has been hacked and that it has suspended Fast Company’s Apple News account to help contain the damage.

It's worth noting that before Fast Company's website was taken offline, a hacker that goes by the name 'Thrax' claimed to be responsible for the breach.

The hacker posted an article labeled as sponsored content that detailed how they were able to infiltrate the publication.

The message claims that Fast Company had a “ridiculously easy” default password that was used across a number of accounts, including its administrator account.

Because of this, the alleged hacker had an easy access to the entire website, and was also able to steal a number of sensitive information, including authentication tokens, Apple News API keys, and Amazon Simple Email Service (SES) tokens.

This allowed the hacker to send emails using any @fastcompany.com email.

Fast Company hacked

And not just that, because in a separate announcement, the alleged hacker wrote in a hacking forum, saying that they also managed to steal a database containing 6,737 Fast Company employee records.

The information within, include employees’ email addresses, password hashes for some of them, and unpublished drafts, among other information.

The hacker however, didn't have access to customer data, since it is stored in a separate database.

In a following news, it was realized that the hackers who took responsibility for the breach, said that they exploited an easily guessed default password, "pizza123."

The hackers managed to go deep into the business magazine's systems, simply because it reused that same and weak password across a dozen of its WordPress accounts, according to the hackers.