The messages caught many users off guard and people took to Twitter to post screenshots. Fast Company said in a statement that its Apple News account was hacked and used to send "obscene and racist" push notifications.
Currently, Fast Company 's website loads a “404 Not Found” page. However, before it was taken down, the bad actors managed to post a message detailing how they were able to infiltrate the broadcast, and a link to a forum where stolen databases were made available to other users.
The messages caught many users off guard and people took to Twitter to post screenshots. Fast Company said in a statement that its Apple News account was hacked and used to send "obscene and racist" push notifications.
Currently, Fast Company 's website loads a “404 Not Found” page. However, before it was taken down, the bad actors managed to post a message detailing how they were able to infiltrate the broadcast, and a link to a forum where stolen databases were made available to other users.
They said that Fast Company has a default password for WordPress that is very easy to crack, and they use it for many accounts, including an administrator. From there, they were able to retrieve authentication tokens, Apple News API keys, among other access information. Authentication keys gave them the power to get the names, email addresses, and IPs of a group of employees.
A user named “Thrax” announced on the forum that the publication links to on its website that they have published a database of 6,737 employee records . These include employee emails, password hashes for some, and unpublished drafts, among other information. However, they were unable to access customer records , most likely because they were kept in a separate database
