The Fast Company website was down on Wednesday after a hack on Tuesday, resulting in obscene and racist push notifications being sent.
The magazine’s content management system (CMS) was hacked on Tuesday evening, which “impacted our Apple News alerts," the pub said in a tweet.
Apple customers who subscribe using the Apple News aggregation app can have push notifications sent to them, Reuters reports. The hackers broke into these tools, it adds.
Fast Company tweeted, “We are investigating the situation and have suspended the feed & shutdown http://FastCompany.com until we are certain the situation has been resolved.”
Into Wednesday, clicks to the site produced a 404 error message. However, later in the day, the site reappeared, elaborating that the sent messages are "vile and are not in line with the content and ethos of Fast Company. Tuesday's breach follows an apparently related event that occurred Sunday afternoon on FastCompany.com, when an unknown actor (or actors) posted similar language on the site's home page and other pages. Fast Company regrets that such abhorrent language appeared on our platforms and in Apple News, and we apologize to anyone who saw it before it was taken down. We immediately retained a leading global incident response and cybersecurity firm and together are investigating the situation. We have shut down FastCompany.com until the situation is resolved."
The announcement of the episode drew cynical tweets, including, “I think you did it on purpose,” and “Anything for the clicks.”
However, one other person tweeted, “Thank you for the quick response. We need the heroes at the FBI to investigate this bigoted attack against African Americans. The person who did this was likely involved with the Jan 6th attack on our democracy. We won’t allow fascism to take root!”
This apparently is not the first episode of its type. MSNBC’s Joy Reid said her website was hacked and “bigoted anti-LGBT content added,” according to a story by Glenn Greenwald. Greenwald wondered if the “liberal media” would cover the story, the tweet thread continued.
Into Wednesday, the Fast Company site was displaying a 404 error message.
The incident has led to analysis of how this could happen to a major content site.
“While cybercriminals always go for the money, from time to time, they like to demonstrate their boldness by showing they have access to sensitive or publicly viewable systems by posting something outside of the normal scope of information shared," James McQuiggan, security awareness advocate at KnowBe4, told Publishers Daily. "These actions attempt to damage the victim's brand and embarrass them publicly because they were attacked and compromised."
McQuiggan continued, "Whether an organization has sensitive systems containing intellectual property, customer records, or a public-facing system like social media accounts, or API connections to third-party systems, it must be secured with strong, unique passwords and keys. Wherever possible, utilize a non-phishable MFA to ensure those connections are effectively secured.”