Fast Company Hackers Sent Out Obscene Push Notifications To Apple News Users (engadget.com) 21
Hackers infiltrated Fast Company's push notifications to send out racial slurs on Tuesday night. They also stole a database that includes employees' emails, password hashes for some of them and unpublished drafts, among other information. Customer records are safe, though, most likely because they're kept in a separate database. Engadget reports: In a statement, Fast Company has told Engadget that its Apple News account was hacked and was used to send "obscene and racist" push notifications." It added that the breach was related to another hack that happened on Sunday afternoon and that it has gone as far as shutting down the whole FastCompany.com domain for now. [...] Apple has addressed the situation in tweet, confirming that the website has been hacked and that it has suspended Fast Company's account.
At the moment, Fast Company's website loads a "404 Not Found" page. Before it was taken down, though, the bad actors managed to post a message detailing how they were able to infiltrate the publication, along with a link to a forum where stolen databases are made available for other users. They said that Fast Company had a default password for WordPress that was much too easy to crack and used it for a bunch of accounts, including one for an administrator. From there, they were able to grab authentication tokens, Apple News API keys, among other access information. The authentication keys, in turn, gave them the power to grab the names, email addresses and IPs of a bunch of employees. In a statement, Fast Company said: "Fast Company's content management system account was hacked on Tuesday evening. As a result, two obscene and racist push notifications were sent to our followers in Apple News about a minute apart. The messages are vile and are not in line with the content and ethos of Fast Company. We are investigating the situation and have shut down FastCompany.com until the situation has been resolved. Tuesday's hack follows an apparently related hack of FastCompany.com that occurred on Sunday afternoon, when similar language appeared on the site's home page and other pages. We shut down the site that afternoon and restored it about two hours later. Fast Company regrets that such abhorrent language appeared on our platforms and in Apple News, and we apologize to anyone who saw it before it was taken down."
At the moment, Fast Company's website loads a "404 Not Found" page. Before it was taken down, though, the bad actors managed to post a message detailing how they were able to infiltrate the publication, along with a link to a forum where stolen databases are made available for other users. They said that Fast Company had a default password for WordPress that was much too easy to crack and used it for a bunch of accounts, including one for an administrator. From there, they were able to grab authentication tokens, Apple News API keys, among other access information. The authentication keys, in turn, gave them the power to grab the names, email addresses and IPs of a bunch of employees. In a statement, Fast Company said: "Fast Company's content management system account was hacked on Tuesday evening. As a result, two obscene and racist push notifications were sent to our followers in Apple News about a minute apart. The messages are vile and are not in line with the content and ethos of Fast Company. We are investigating the situation and have shut down FastCompany.com until the situation has been resolved. Tuesday's hack follows an apparently related hack of FastCompany.com that occurred on Sunday afternoon, when similar language appeared on the site's home page and other pages. We shut down the site that afternoon and restored it about two hours later. Fast Company regrets that such abhorrent language appeared on our platforms and in Apple News, and we apologize to anyone who saw it before it was taken down."
regular slashdotters (Score:2)
> to send out racial slurs
I'm sure those same people are in slashdot comments all the time.
Re: (Score:2)
The targetted harrassment on this website is always bizzare.
I'm almost dissapointed I don't have my own hate group, though I only post on about 1 in 100 stories, but an old man can dream.
E. Coli (Score:1)
Wouldn't the sex act suggested lead to dangerous consumption of E. Coli?
Regarding the other content: America is learning that if you make a word taboo, you give it ultimate power.
Re: regular slashdotters (Score:1)
I sure am glad they caught Those guys. Very unpatriotic of Them.
Re: (Score:2)
Where do you get the idea they're USAliens?
Re: (Score:2)
Where have you gone, Beef Savage? (Score:2)
For others wondering (Score:2)
Fast Company is a monthly American business magazine...
Re: For others wondering (Score:2)
What about Apple News? Is that basically like Google News?
- hack or leak ? (Score:3)
The semantics are important. A company has been 'hacked' when an intruder does bad things through no fault of the company. OTOH, when a company is negligent in their security and loses data, it is a LEAK.
Companies prefer a term that makes them look blameless, of course.
Re: (Score:2)
...through no fault of the company...
Wordpress. Enough said.
Re: - hack or leak ? (Score:2)
Freedom of the push (Score:2)