A breach of Fast Company’s WordPress systems allowed for a hacker to send obscene notifications via Apple News on Tuesday.
Fast Company hack causes obscene Apple News notifications.
The Verge reports that Fast Company was hacked and sent out a push notification via Apple News to many iPhones that was obscene in nature. Apple News addressed the hack on Twitter, saying, “An incredibly offensive alert was sent by Fast Company, which has been hacked. Apple News has disabled their channel.”
“Obscene and racist push notifications.”
Fast Company has also confirmed the hack on Twitter, saying, “Fast Company's Apple News account was hacked on Tuesday evening. Two obscene and racist push notifications were sent about a minute apart. The messages are vile and not in line with the content and ethos of Fast Company,” and followed in a later tweet, “Fast Company has retained a leading global incident response and cybersecurity firm and, together, we are investigating the situation. We have shut down FastCompany.com until the situation is resolved.”
The Washington Post reports that the two two-sentence notifications contained the n-word and graphic language. Fast Company’s site also fell victim to the hackers and saw a post detailing the break-in, posted by the hackers themselves. The post said that the group gained access to the company’s WordPress accounts, including keys to functions such as the Apple News interface.
Industry comment on media cybersecurity challenges.
Joel Molinoff, BlueVoyant Vice Chairman, said of the hack, “The recently reported cyber attack on Fast Company shines a light on the media industry’s cybersecurity challenges. The sector has been evolving over the years, and expanded content production and distribution by both traditional and new players, coupled with fast changing technologies has created a more distributed and fragmented ecosystem. Risks are further heightened as the Fast Company attack, which reportedly led to obscene push notifications to Apple News followers, shows media organizations can find themselves or their connections to other organizations targeted.
"Generally speaking, large media organizations have structured cyber security programs in place. But as companies’ internal networks become more well-defended, often a member of their digital supply chain, like a vendor or supplier, is the weak link. As a result, media companies may be vulnerable to leaks of content and other sensitive data, as well as ransomware, and other cyber attacks coming from their supply chains. Media enterprises could also find themselves targeted for their access to other companies’ networks.
"Our own research found IT hygiene and security vulnerabilities across a number of vendors that support the media industry, suggesting that as an industry, the media faces significant cybersecurity challenges. The media ecosystem is one of the most complex, which makes it difficult for companies to securely produce, distribute, and manage content. From concept to camera and from camera to consumer, media companies are dependent on vendors, service providers, partners, and technologies. Exploitation of the found vulnerabilities can lead to potential loss of content and operational disruption.
"It is important to note that media companies, like companies in all industries, should continuously monitor their vendors to quickly remediate any potential attacks. Enterprises should also patch their systems quickly and ask their vendors to do the same. The time it takes for cybercriminals to exploit known vulnerabilities is decreasing so enterprises must patch quicker.”