What just happened? If you subscribe to updates from business publication Fast Company using the Apple News app, you might have received some unwelcome push notifications yesterday. It seems the company's Apple News account was hacked, the result of another hack that occurred on Sunday.
The Apple News push notifications from Fast Company contained racist slurs and obscene language. Some Twitter users captured screenshots of the messages---two were sent about one minute apart.
"The messages are vile and are not in line with the content of Fast Company," the publication said in a statement. Apple News confirmed the incident and disabled the FC channel. Fast Company went so far as to shut down its website until it could resolve the situation. Fastcompany.com is currently showing a "404 Not Found" page.
An incredibly offensive alert was sent by Fast Company, which has been hacked. Apple News has disabled their channel.--- Apple News (@AppleNews) September 28, 2022
It seems that before the Fast Company website was taken down, the hacker responsible posted an article on one of its pages. Someone called "postpixel" said they gained access through a default (and very simple) password for WordPress that was shared across several accounts, including an administrator's.
Once they got the password, the hackers were able to grab authentication tokens, Apple News API keys, and Amazon SES (simple email service) information. They also mocked the site's inadequate response to the hack: changing their database credentials, disabling outside connections, and fixing articles.
We are investigating the situation and have suspended the feed & shutdown https://t.co/U9iS8QOhkW until we are certain the situation has been resolved.--- Fast Company (@FastCompany) September 28, 2022
Engadget writes that a user called "Thrax" shared the same details of the hack on a forum for trading information stolen in security breaches. The post says they're releasing 6,737 employee records, including their emails, some password hashes, and unpublished drafts. Customer records were not compromised; the information was stored in a different database they could not access.
While pushing out obscene and racist messages is going to hurt Fast Company's public image, it's been noted that the hackers could have done much more damage with the access they gained.
There have been several high-profile hacks this month. The GTA 6 leak made international headlines---the person allegedly responsible was recently arrested by London police---and Uber suffered a massive breach, apparently carried out by the same GTA hacker.