The Fast Company website is finally back after being completely offline for eight days. The decision to take the site offline was made in reaction to an attack that saw offensive push notifications being sent to the channel’s followers.
The Apple News Twitter account tweeted that Apple had disabled Fast Company’s channel following the “incredibly offensive alert” that its subscribers had received on their Apple devices. The hackers say that unbelievably poor password security made multiple systems easy to access.
What Happened?
Before it disappeared, Fast Company’s website included a message from the hacker group “postpixel” in which they described how they had been able to execute the attack by infiltrating Fast Company’s WordPress back-end. Postpixel also ridiculed the publication’s efforts to secure its publishing tools and administrator portal.
It appears that the hackers gained access to login credentials that allowed them to use Fast Company’s Apple News content management system to send out push notifications.
The hackers also claimed to have accessed thousands of employee records, which they intended to share on a forum for trading information stolen in security breaches. Attackers posted a dump of the CMS, which included unpublished drafts, together with employee records and emails.
The publication took its entire site offline, along with its other sites, Mansueto.com and Inc.com. All three websites are back online, after an eight-day “vacation.”
The attackers say they were able to gain access to the sites’ systems due to two incredibly poor security practices by Fast Company: the use of a weak password and the re-use of passwords for other accounts.
Fast Company’s parent firm has stated that no customer or advertiser data was compromised.