Hackers broke into the computer systems of the American business magazine Fast Company and sent nasty push alerts to Apple News readers.
An unknown threat actor gained access to Fast Firm’s Apple News account on Tuesday, the company stated in a statement, after hackers broke into the company’s content management system (CMS). Hacker sent two “obscene and racist” push alerts to Apple News subscribers, leading people to tweet images of the messages after being outraged by them. Exactly how many people saw the alerts before they were removed is unclear.
Fast Company has stated that the messages are “vile” and “not in keeping with the content and culture of Fast Company.” FastCompany.com will be down until further notice as we investigate the issue.
Apple has also responded to the incident on Twitter, saying that it has deactivated Fast Company’s Apple News account because it has been hijacked.
An incredibly offensive alert was sent by Fast Company, which has been hacked. Apple News has disabled their channel.
— Apple News (@AppleNews) September 28, 2022
In addition, Fast Company said that the Tuesday attack followed a “seemingly related hack” of FastCompany.com that happened on Sunday afternoon and resulted in identical material appearing on the homepage and other parts of the website.
“That afternoon, we took the site offline and around two hours later, we brought it back online,” the firm said. Fast Company “deeply regrets” that “such vile language occurred on our platforms and in Apple News,” adding, “We apologise to anyone who read it before it was taken down.”
The corporation was not readily available to address our queries, and Fast Company did not disclose the nature of the incident. The Fast Company website currently redirects users to a “404 Not Found” page.
A hacker who calls themselves “Thrax” produced an essay disguised as sponsored material that explained how they broke into the website before it was taken down. According to the letter, a “ridiculously simple” default password was used for many accounts at Fast Company.
The hacker was able to send emails from any @fastcompany.com address by gaining access to authentication tokens, Apple News API credentials, and Amazon Simple Email Service (SES) tokens.
The hacker also posted an announcement to a famous hacking site on Sunday, saying that they were revealing a database with 6,737 Fast Company employee details, including email addresses, password hashes (for certain workers), and unpublished manuscripts.
Threat actors gained access to an unknown number of names, ages, phone numbers, email addresses, physical addresses, and identification document numbers, such as driver’s licence and passport numbers, from this very same forum in the recent Optus breach. The perpetrator of the attack claims to have published 10,200 files so far.
The Fast Company hacker claimed they were unable to access client details because they were likely kept in a different database, despite having previously infiltrated photo-sharing service ClickASnap and self-proclaimed free-speech social network USA Life.