Fast Company returns after attack that saw obscene Apple News alerts delivered to readers
The
Fast Company website was finally back online eight days after the publication took it down due to a cyberattack. The economics publication was first hacked on September 25, but it wasn't until the second security breach on September 27 that it had to take drastic measures to contain the situation. If you recall, Apple News users who subscribed to Fast Company received a few lewd push notifications with racial slurs in late September. The bad actors had also defaced the website with obscene and racist messages and published details of how they were able to infiltrate the publication.
They said that Fast Company used an easy-to-crack password for their WordPress CMS and reused it for their other accounts. From there, they were able to retrieve the company's Apple News API keys, as well as authentication tokens giving them access to employee names, email addresses, and IP addresses. In a forum the hackers linked to on the defaced website, a user called "Thrax" posted a database dump with 6,737 employee records that include emails, password hashes for some of them and unpublished drafts, among other details.
No customer or advertiser information was exposed as a result of the hack, however, Fast Company editor Brendan Vaughan wrote in a new post announcing that publishing is back. Fast Company's main website, its corporate site Mansueto.com and its sister site Inc.com went offline for eight days while an investigation was ongoing. During this period, the publication published content on other platforms, such as LinkedIn, Instagram, Facebook, TikTok and Medium. Vaughan didn't go into detail about the outcome of the investigation, other than to say that no customer or advertiser data was compromised and that the publication has "taken steps to protect against further attacks." /p>
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you purchase something through one of these links, we may earn an affiliate commission. All prices correct at time of publication.
Fast Company website was finally back online eight days after the publication took it down due to a cyberattack. The economics publication was first hacked on September 25, but it wasn't until the second security breach on September 27 that it had to take drastic measures to contain the situation. If you recall, Apple News users who subscribed to Fast Company received a few lewd push notifications with racial slurs in late September. The bad actors had also defaced the website with obscene and racist messages and published details of how they were able to infiltrate the publication.
They said that Fast Company used an easy-to-crack password for their WordPress CMS and reused it for their other accounts. From there, they were able to retrieve the company's Apple News API keys, as well as authentication tokens giving them access to employee names, email addresses, and IP addresses. In a forum the hackers linked to on the defaced website, a user called "Thrax" posted a database dump with 6,737 employee records that include emails, password hashes for some of them and unpublished drafts, among other details.
No customer or advertiser information was exposed as a result of the hack, however, Fast Company editor Brendan Vaughan wrote in a new post announcing that publishing is back. Fast Company's main website, its corporate site Mansueto.com and its sister site Inc.com went offline for eight days while an investigation was ongoing. During this period, the publication published content on other platforms, such as LinkedIn, Instagram, Facebook, TikTok and Medium. Vaughan didn't go into detail about the outcome of the investigation, other than to say that no customer or advertiser data was compromised and that the publication has "taken steps to protect against further attacks." /p>
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you purchase something through one of these links, we may earn an affiliate commission. All prices correct at time of publication.
What's Your Reaction?
