Fast Company returns after attack that saw obscene Apple News alerts pushed to readers
The business-focused publication said no customer data was exposed in the hack.
Fast Company's website finally came back online eight days after the publication took it down due to a cyberattack. The business publication was initially hacked on September 25th, but it wasn't until the second security breach on September 27th that it had to take drastic measures to contain the situation. If you'll recall, Apple News users who are subscribed to Fast Company received a couple of obscene push notifications with racial slurs in late September. The bad actors had also defaced the website with obscene and racist messages and posted details on how they were able to infiltrate the publication.
They said that Fast Company used an easy-to-crack password for its WordPress CMS and had re-used it for its other accounts. From there, they were able to grab the company's Apple News API keys, as well as authentication tokens that gave them access to employee names, email addresses and IPs. In a forum the hackers linked to on the defaced website, a user called "Thrax" posted a database dump with 6,737 employee records that include mails, password hashes for some of them and unpublished drafts, among other details.
No customer or advertiser information was exposed as a result of the hack, though, Fast Company editor-in-chief Brendan Vaughan wrote in a new post announcing that the publication is back. The main Fast Company website, its corporate site Mansueto.com and its sister site Inc.com remained offline for eight days while an investigation was being conducted. During that period, the publication posted content on other platforms, such as LinkedIn, Instagram, Facebook, TikTok and Medium. Vaughan didn't go into details with the result of the probe, other than saying that no customer or advertiser data was compromised and that the publication has "taken steps to safeguard against further attacks."
