Technology and Business news outlet Fast Company suffered a hack where the perpetrators used their site access to send explicit push button notifications out to the publication's Apple News subscribers.
A breach occurred this Tuesday when hackers gained access to Fast Company’s content management system and sent two explicit and racist messages through their Apple News channel. Fast Company, a news outlet that focuses on technology and business, stated that hackers were able to use its publishing tools to send out a push alert on Apple News. Both messages appeared at about 5:18 PM PT and were deleted as soon as the company noticed them.
Apple quickly took to its Apple News Twitter account to address the situation, announcing that they had already disabled Fast Company’s channel. In the short tweet, the company claimed that Fast Company had sent out “an incredibly offensive alert.” Apple made no mention that the publication had been hijacked by hackers.
Fast Company made a statement late Tuesday about the incident. The messages sent out through Apple News are “not in line with the content of Fast company,” stated the publication on their Twitter account. As of 12:49 PM ET, the Fast Company website went offline, displaying only a 404 error page instead.
The news outlet also announced that its website would be shut down. They explained that they are investigating the Apple News incident and won’t make their website available until they can verify what happened and make sure the problem is no longer a threat. Fast Company also disabled its news feed until further notice.
Before Fast Company disabled its site, a mock article with a message appeared on its news feed. It came from a user called “postpixel,” and was titled “FastCompany gets HACKED!” In the article, “postpixel” described how they gained access to the company’s publishing tools and how they were able to send out Apple News push alerts.
“Postpixel” claimed that they were able to execute the attack after obtaining a password that was stolen and published online. The same password was shared across different logins for several Fast Company employees, which made it easy for the hacker to send out the offensive message alerts to subscribers. The offensive messages even popped up for Apple News users who do not have a subscription to the publication.
Many online illicit activities are constantly in motion. From large global corporations like Apple News to small-to-medium sized businesses like Fast Company, cyber-attacks are usually carried out by hackers who are seemingly able to steal passwords and logins with relative ease. “Pixelpost” revealed an online forum where hackers and other criminals trade-sensitive information, such as login credentials for employees of different companies.
In a post on the forum on Tuesday, the Fast Company hacker shared details about how they were able to infiltrate the company’s data. The post claimed to have thousands of employee records and draft posts from the publication and stated that they’d release that information as well. Posts surrounding the Apple News incident popped up on the forum two days ago.
Luckily for Fast Company customers, the hacker also revealed that customer information was kept in a different database that remained inaccessible. Although the racist and explicit messages were blasted only through Apple News, those who received the notification took to social media to share what happened. The exact number of Apple News users who received the two inappropriate messages is unclear.