The Fast Company website is finally back after being taken completely offline for eight days. The drastic action was in response to an attack which saw obscene and racist alerts pushed to Apple News.
The hackers said that unbelievably poor password security made multiple systems easy to access …
Background
All that was immediately known at the time of the incident was that a highly offensive alert was sent to Apple News users who followed Fast Company.
Apple responded, tweeting that FastCo had been hacked.
An incredibly offensive alert was sent by Fast Company, which has been hacked. Apple News has disabled their channel.
It quickly became apparent that the attackers had gained extensive access to the company’s systems. This included the content management system (CMS) used to write and publish articles, with a number of these defaced with similarly offensive messages.
Attackers posted a dump of the CMS, which included unpublished drafts, together with employee records and emails.
The publication took its entire site offline, as well as its other sites, Mansueto.com and Inc.com.
Fast Company website back online
All three websites are finally back online, after an eight-day hiatus.
Engadget reports that the first hack actually took place two days before the Apple News alerts.
The business publication was initially hacked on September 25th, but it wasn’t until the second security breach on September 27th that it had to take drastic measures to contain the situation.
Attackers revealed that they were able to gain such extensive access due to two incredibly poor security practices by Fast Company. First, the use of a weak password which was easily cracked, and second by re-using passwords for other accounts. This included the company’s Apple News API keys, as well as authentication tokens that gave them access to other databases.
The company has stated that no customer or advertiser data was compromised.
Photo: Glenn Carstens-Peters/Unsplash
FTC: We use income earning auto affiliate links. More.
Comments