Fast Company returns after attack that saw obscene Apple News alerts pushed to readers

Fast Company’s website finally came back online eight days after the publication took it down due to a cyberattack. The business publication was initially hacked on September 25th, but it wasn’t until the second security breach on September 27th that it had to take drastic measures to contain the situation. If you’ll recall, Apple News users who are subscribed to Fast Company received a couple of obscene push notifications with racial slurs in late September. The bad actors had also defaced the website with obscene and racist messages and posted details on how they were able to infiltrate the publication. 

They said that Fast Company used an easy-to-crack password for its WordPress CMS and had re-used it for its other accounts. From there, they were able to grab the company’s Apple News API keys, as well as authentication tokens that gave them access to employee names, email addresses and IPs. In a forum the hackers linked to on the defaced website, a user called “Thrax” posted a database dump with 6,737 employee records that include mails, password hashes for some of them and unpublished drafts, among other details.

No customer or advertiser information was exposed as a result of the …read more