Apple News Got Obscene Notifications From Fast Company Hackers

CTN NEWS –  Subscribers to Fast Company via Apple News got a couple of obscene push notifications with racial slurs Tuesday night. Many users were caught off guard by the messages.

They’d cause a spit take if you weren’t expecting them – and people took to Twitter to share screenshots. In a statement. Fast Company has told Engadget that its Apple News account was hacked and was used to send “obscene and racist” push notifications.

It added that the breach was related to another hack that happened on Sunday afternoon and that it has gone as far as shutting down the whole FastCompany.com domain for now.

Users of Apple News

Fast Company’s content management system account was hacked on Tuesday evening. As a result, two obscene and racist push notifications were sent to our followers on Apple News about a minute apart.

The messages are vile and are not in line with the content and ethos of Fast Company. We are investigating the situation and have shut down FastCompany.com until the situation has been resolved.

Tuesday’s hack follows an apparently related hack of FastCompany.com that occurred on Sunday afternoon, when similar language appeared on the site’s home page and other pages.

We shut down the site that afternoon and restored it about two hours later. Fast Company regrets that such abhorrent language appeared on our platforms, and we apologize to anyone who saw it before it was taken down.

Apple has addressed the situation in a tweet, confirming that the website has been hacked and that it has suspended Fast Company’s account:

Fast Company’s website loads a 404 Not Found page

At the moment, Fast Company’s website loads a “404 Not Found” page. Before it was taken down, though, the bad actors managed to post a message detailing how they were able to infiltrate the publication, along with a link to a forum where stolen databases are made available for other users.

They said that Fast Company had a default password for WordPress that was much too easy to crack and used it for a bunch of accounts, including one for an administrator.

They were able to grab authentication tokens, Apple News API keys, and other information. The authentication keys, in turn, gave them the power to grab the names, email addresses, and IPs of a bunch of employees.

Thrax posted in the forum they linked the website

A user called “Thrax” posted in the forum they linked on the publication’s website, announcing that they were releasing a database containing 6,737 employee records.

These include employees’ emails, password hashes for some of them, and unpublished drafts. They weren’t able to get their hands on customer records, though, most likely because they’re kept in a separate database.

Related CTN News:

The Most Important Features For Your Law Firm’s Website