The media publication Fast Company had its internal systems breached by hackers on Tuesday, resulting in offensive push notifications being sent to Apple News users.
In a statement on the incident, Fast Company said that its “content management system” had been compromised prior to the “obscene and racist” notifications being sent.
“The messages are vile and are not in line with the content and ethos of Fast Company,” the company said.
The publication further noted that the hack appears to be related to a breach that occurred on Sunday afternoon, which saw similar offensive language placed on its website.
In response to the hack, Fast Company chose to shut down its website on Tuesday “until the situation has been resolved.” As of Wednesday afternoon, Fast Company remains offline.
“Fast Company regrets that such abhorrent language appeared on our platforms and in Apple News, and we apologize to anyone who saw it before it was taken down,” the company added.
Apple News also addressed the situation on Tuesday and announced that it had temporarily removed Fast Company from its platform.
“An incredibly offensive alert was sent by Fast Company, which has been hacked,” the platform said. “Apple News has disabled their channel.”
As noted by TechCrunch, the hacker who carried out the breach had been able to post an article on Fast Company before the website was taken down.
The hacker, who referred to themselves as “Thrax,” claimed that Fast Company had been using a “ridiculously easy” default password for its administrator account.
“This enabled the attacker to access a bunch of sensitive information, including authentication tokens, Apple News API keys, and Amazon Simple Email Service (SES) tokens, allowing the hacker to send emails using any @fastcompany.com email,” TechCrunch said.
The hacker, TechCrunch continued, also reportedly said that they would release the data obtained in the breach in a statement on a popular hacking forum. The data is said to include 6,373 employee records containing email addresses, some password hashes, unpublished drafts, and other data.
