{"id":20237,"date":"2022-09-29T16:10:04","date_gmt":"2022-09-30T00:10:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/09\/29\/news-13970\/"},"modified":"2022-09-29T16:10:04","modified_gmt":"2022-09-30T00:10:04","slug":"news-13970","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/09\/29\/news-13970\/","title":{"rendered":"Fast Company hacked to send obscene and racist messages"},"content":{"rendered":"<p>Yesterday, Apple News <a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/AppleNews\" target=\"_blank\">announced<\/a>&nbsp;it had disabled the channel of&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Fast_Company\" target=\"_blank\">Fast Company<\/a>, a&nbsp;US-based business magazine,&nbsp;after surprised Twitter users reported&nbsp;it was&nbsp;tweeting offensive comments.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">An incredibly offensive alert was sent by Fast Company, which has been hacked. Apple News has disabled their channel.<\/p>\n<p> &mdash; Apple News (@AppleNews) <a href=\"https:\/\/twitter.com\/AppleNews\/status\/1574935109630918661?ref_src=twsrc%5Etfw\">September 28, 2022<\/a><\/p><\/blockquote>\n<p>Fast Company&nbsp;was&nbsp;hacked on Sunday, September 25. The attacker responsible&nbsp;modified&nbsp;article titles to obscene and racist things:<\/p>\n<p>&#8220;Hacked by Vinny Troia. [redacted] tongue my [redacted]&#8221;,&nbsp;one title read.<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/easset_upload_file62681_239319_e.png\" alt=\"\" width=\"744\" height=\"441\" \/><br \/>This is what Fast Company looked like after it was hacked by an actor named &#8220;Thrax.&#8221;<\/p>\n<p>Fast Company took its site offline to fix the defacement but the hacker successfully got in again on Tuesday via&nbsp;content management system WordPress, in order to push the same offensive text to&nbsp;its followers on Apple News.<\/p>\n<p>Fast Company tweeted on Wednesday:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Fast Company&#8217;s Apple News account was hacked on Tuesday evening. Two obscene and racist push notifications were sent about a minute apart.<\/p>\n<p>The messages are vile and not in line with the content and ethos of Fast Company. (continued below)<\/p>\n<p> &mdash; Fast Company (@FastCompany) <a href=\"https:\/\/twitter.com\/FastCompany\/status\/1574938145237639168?ref_src=twsrc%5Etfw\">September 28, 2022<\/a><\/p><\/blockquote>\n<p class=\"sample\"> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>On Thursday, Fast Company&#8217;s website was displaying a statement regarding the hack on a black background.<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/easset_upload_file83992_239319_e.png\" alt=\"\" width=\"660\" height=\"461\" \/><br \/>&#8220;The messages are vile and are not in line with the content and ethos of Fast Company.&#8221;<\/p>\n<p>While the company is working to resolve what happened, it said it will continue publishing stories on its social channels, including Facebook, LinkedIn, and TikTok.<\/p>\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hacker-shares-how-they-allegedly-breached-fast-company-s-site\/\" target=\"_blank\">Speaking with BleepingComputer<\/a>, &#8220;Thrax&#8221; revealed how they hacked Fast Company&#8217;s website.<\/p>\n<p>Thrax claimed they infiltrated Fast Company after bypassing basic HTTP authentication that secured the WordPress instance the company uses for their website. They then used a default password in &#8220;dozens&#8221; of accounts to take control of the CMS.<\/p>\n<p>They then stole Auth0 tokens, Apple News API keys, and Amazon SES secrets. Using the tokens,&nbsp;&#8220;Thrax&#8221; says they created admin accounts on the CMS systems, which were then used to push out the notifications to Apple News.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/fast-company-is-currently-investigating-how-it-got-hacked\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<table cellpadding='10'>\n<tr>\n<td valign='top' align='left'>\n<p>Categories: <a href='https:\/\/www.malwarebytes.com\/blog\/category\/cybercrime' rel='category tag'>Cybercrime<\/a><\/p>\n<p>Categories: <a href='https:\/\/www.malwarebytes.com\/blog\/category\/news' rel='category tag'>News<\/a><\/p>\n<p>The US business magazine appeared to have two separate and related incidents in which it was compromised.<\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/fast-company-is-currently-investigating-how-it-got-hacked' title='Fast Company hacked to send obscene and racist messages'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel='nofollow' href='https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/fast-company-is-currently-investigating-how-it-got-hacked'>Fast Company hacked to send obscene and racist messages<\/a> appeared first on <a rel='nofollow' href='https:\/\/www.malwarebytes.com'>Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[4503,32],"class_list":["post-20237","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-cybercrime","tag-news"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20237","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=20237"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20237\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=20237"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=20237"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=20237"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}