Readers of the business newspaper Fast Company subscribe to updates through Apple News. On September 28, night reported receiving a few vulgar push alerts with racial epithets. Many users were taken aback by the messages.
Many of them use Twitter to provide screenshots. Fast Company claims that its Apple News account was hacked and used to deliver obscenely. Racist push notifications in a statement to Engadget.
It further stated that the incident connects to a September 25 afternoon hack. Also, it had gone so far as to shut down the entire FastCompany.com domain temporarily.
Racist Push Notification on Apple News
“On September 27 night, a hacker gained access to the content management system account of Fast Company. As a result, our followers on Apple News received two offensive and racist push notifications a minute apart. The messages are disgusting and inconsistent with Fast Company’s culture or content. FastCompany.com suspend while we investigate until the matter resolves” this was company’s official statement
I am following a hack of FastCompany.com on September 25 afternoon when a similar language appeared. The attack on the site’s home page and other places seem to relate on September 27.
Fast Company website shut down
That afternoon, the website was shut down and reopened around two hours later. Fast Company regrets that such offensive material appeared on their websites. In Apple News and elsewhere, we sincerely apologize to anyone who saw it before removing it.
404 Not Found Screen on Fast Company Website
The 404 Not Found screen currently loads when visiting the Fast Company website. However, the malicious parties could write a statement that explained how they could access the website.
Included a link to a forum where individuals can access stolen databases. They said that Fast Company used a very weak default password for WordPress on several accounts, including one for an administrator.
They could obtain access data such as authentication tokens and Apple News API credentials from there. They were subsequently able to get several employees’ names, email addresses, and IP addresses thanks to the authentication keys.
A person going by the handle Thrax wrote on the newspaper’s website in the forum. They had provided a link announcing the release of a database with 6,737 employee records—email addresses of the employees and password hashes for some of them. These also contain some unpublished draughts among the data. However, because customer records are in a different database, they could not obtain them.
Stay tuned for more updates!