Someone hacked Fast Company and sent obscene, racist Apple News push alerts

midian182

Posts: 8,303   +103
Staff member
What just happened? If you subscribe to updates from business publication Fast Company using the Apple News app, you might have received some unwelcome push notifications yesterday. It seems the company's Apple News account was hacked, the result of another hack that occurred on Sunday.

The Apple News push notifications from Fast Company contained racist slurs and obscene language. Some Twitter users captured screenshots of the messages—two were sent about one minute apart.

"The messages are vile and are not in line with the content of Fast Company," the publication said in a statement. Apple News confirmed the incident and disabled the FC channel. Fast Company went so far as to shut down its website until it could resolve the situation. Fastcompany.com is currently showing a "404 Not Found" page.

It seems that before the Fast Company website was taken down, the hacker responsible posted an article on one of its pages. Someone called "postpixel" said they gained access through a default (and very simple) password for WordPress that was shared across several accounts, including an administrator's.

Once they got the password, the hackers were able to grab authentication tokens, Apple News API keys, and Amazon SES (simple email service) information. They also mocked the site's inadequate response to the hack: changing their database credentials, disabling outside connections, and fixing articles.

Engadget writes that a user called "Thrax" shared the same details of the hack on a forum for trading information stolen in security breaches. The post says they're releasing 6,737 employee records, including their emails, some password hashes, and unpublished drafts. Customer records were not compromised; the information was stored in a different database they could not access.

While pushing out obscene and racist messages is going to hurt Fast Company's public image, it's been noted that the hackers could have done much more damage with the access they gained.

There have been several high-profile hacks this month. The GTA 6 leak made international headlines—the person allegedly responsible was recently arrested by London police—and Uber suffered a massive breach, apparently carried out by the same GTA hacker.

Permalink to story.

 

ScottSoapbox

Posts: 423   +785
I don't think you can call an administrator using a default password being "hacked".

Bad at hiring perhaps.
 
Last edited:

Last1Standing

Posts: 69   +30
Remember, TRUE hackers VERY rarely ever gets caught and only script kiddies, that has learned a few tricks here and there, are always exposed.

Please, no the difference between "hacker" and "script kiddies" (GTA6 breach, NVIDIA, etc.).