On Tuesday evening this week, Fast Company’s content management system (CMS) got hacked and hackers sent two notifications to its followers via Apple News that included a racial slur and an offensive invitation to a sexual act.
Referring to themselves as “postpixel”, hackers also posted a message on the Fast Company’s website which described how the attack was executed and blamed the company for doing little to prevent it.
According to the message, the company had a “ridiculously easy” default password that was shared across several accounts, including an administrator which provided attackers access to sensitive information like FastCompany’s Apple News API keys, authentication tokens, and Amazon Simple Email Service (SES) tokens, and they were able to send out emails through any @fastcompany.com email.
Prior to hacking the company’s CMS, attackers also posted a message on a popular hacking forum claiming that they would release FastCompany’s database which included records of 6,737 Fast Company employees like their email addresses, unpublished drafts, and other information.
However, the hacker could not access customers’ records as they were stored in a separate database.
Fast Company apologizes to its followers on Apple News and shuts down the website
In a statement, the publisher confirmed the attack and rendered an apology to its followers. The company has explained that the obscene notifications are a part of a series of attacks it has faced.
Fast Company's Apple News account was hacked on Tuesday evening. Two obscene and racist push notifications were sent about a minute apart.
The messages are vile and not in line with the content and ethos of Fast Company. (continued below)
— Fast Company (@FastCompany) September 28, 2022
Until the security is restored, the company has shut down its website. And Apple News has suspended its channel.
Fast Company’s content management system was hacked on Tuesday evening. As a result, two obscene and racist push notifications were sent to our followers in Apple News about a minute apart.
The messages are vile and are not in line with the content and ethos of Fast Company. We are investigating the situation and have shut down FastCompany.com until the situation has been resolved.
Tuesday’s hack follows an apparently related hack of FastCompany.com that occured on Sunday afternoon, when similar language appeard on the site’s home page and other pages. We shut down the site that afternoon and restored it about two hours later.
Fast Companny regrets that such abhorrent language appeared on our platforms and in Apple News, and we apologize to anyone who saw it before it was taken down.
An incredibly offensive alert was sent by Fast Company, which has been hacked. Apple News has disabled their channel.
— Apple News (@AppleNews) September 28, 2022