Fast Company hackers sent out obscene push notifications to Apple News users

Fast company Readers who subscribe to business magazine updates through Apple News received a couple of obscene push notifications containing racial slurs on Tuesday night. The news caught many users off-guard – it really could raise a spit if you weren’t expecting it – and people took to Twitter to um post screenshots. In a statement, Fast company has told Engadget that his Apple News account was hacked and used to send “obscene and racist” push notifications.” It added that the breach is linked to another hack that happened Sunday afternoon and that it went as far as it did to shut down the entire FastCompany.com domain for now.

The publication said:

“Fast Company’s content management system account was hacked Tuesday night. As a result, two obscene and racist push notifications were sent to our followers on Apple News about a minute apart. The messages are abhorrent and do not reflect Fast Company’s content and ethos. We are investigating the situation and have closed FastCompany.com until the situation is resolved. Tuesday’s hack follows an apparently related FastCompany.com hack that occurred Sunday afternoon, when similar language appeared on the site’s home page and other pages. We shut down the site that afternoon and restored it about two hours later. Fast Company regrets that such vile language has appeared on our platforms and Apple News, and we apologize to anyone who saw it before it was removed.”

Apple addressed the situation in a tweet, confirming that the site has been hacked and blocked Fast company Account:

At the moment, Fast Company website loads a 404 Not Found page. However, before it was taken down, the bad actors succeeded send a message It describes how they were able to infiltrate the publication, along with a link to a forum where stolen databases are made available to other users. They said that Fast company had a default WordPress password that was far too easy to crack and used it on a number of accounts, including one for an admin. From there, they could retrieve authentication tokens, Apple News API keys, and other access information, among other things. The authentication keys, in turn, gave them the ability to retrieve the names, email addresses, and IPs of a number of employees.

A user named “Thrax” posted on the forum he linked from the publication’s website, announcing that he would be releasing a database of 6,737 employee records. This includes employees’ emails, password hashes for some of them, and unpublished drafts, among other things. However, they have not been able to get their hands on customer records, most likely because they are kept in a separate database.

Update 09/27/22 11:43 PM ET: Edited the post to add it Fast company new and more detailed statement.