Users of Apple News received obscene push alerts from Fast Company hackers.

Date:

The bad actors released a database with thousands of employee records.

Readers of the business newspaper Fast Company who subscribe to updates through Apple News on Tuesday night reported receiving few vulgar push alerts with racial epithets.
 
Many users were taken aback by the messages, which if you weren’t expecting them, may really make you spit up, and many of them turned to Twitter to provide screenshots. 
Fast Company claims that its Apple News account was hacked and used to deliver “obscene and racist” push notifications in statement to Engadget. 
It further stated that the incident was connected to Sunday afternoon hack and that it had gone so far as to temporarily shut down the entire FastCompany.com domain.

The publication said:

“Fast Company’s content management system account was hacked on Tuesday evening. As a result, two obscene and racist push notifications were sent to our followers in Apple News about a minute apart. The messages are vile and are not in line with the content and ethos of Fast Company. We are investigating the situation and have shut down FastCompany.com until the situation has been resolved. Tuesday’s hack follows an apparently related hack of FastCompany.com that occurred on Sunday afternoon, when similar language appeared on the site’s home page and other pages. We shut down the site that afternoon and restored it about two hours later. Fast Company regrets that such abhorrent language appeared on our platforms and in Apple News, and we apologize to anyone who saw it before it was taken down.”

Apple has addressed the situation in tweet, confirming that the website has been hacked and that it has suspended Fast Company’s account:

At the moment, Fast Company’s website loads a “404 Not Found” page. Before it was taken down, though, the bad actors managed to post a message detailing how they were able to infiltrate the publication, along with a link to a forum where stolen databases are made available for other users. They said that Fast Company had a default password for WordPress that was much too easy to crack and used it for a bunch of accounts, including one for an administrator. From there, they were able to grab authentication tokens, Apple News API keys, among other access information. The authentication keys, in turn, gave them the power to grab the names, email addresses and IPs of a bunch of employees.

A user called “Thrax” posted in the forum they linked on the publication’s website, announcing that they were releasing a database containing 6,737 employee records. These include employees’ emails, password hashes for some of them and unpublished drafts, among other information. They weren’t able to get their hands on customer records, though, most likely because they’re kept in a separate database.

 

Share post:

Subscribe

Popular

Election 2024: Bawumia pledges to increase solar power by 2,000 megawatts 

Vice-President Dr Mahamudu Bawumia, the New Patriotic Party (NPP)...

GIPC to introduce Investor Grievance Mechanism to address investors’ challenges 

Mr Reginald Yofi Grant, Chief Executive Officer of the...

Indian High Commissioner applauds Ghana for technological drive; urges more investments

Mr Manish Gupta, the Indian High Commissioner, has lauded...

In a victory for Biden, a US judge suspends the Texas border security measure.

A United States appeals court has put on hold...

More like this
Related