Skip to main content

Fast Company’s Apple News access hijacked to send an obscene push notification

Fast Company’s Apple News access hijacked to send an obscene push notification

/

Apple News has disabled its channel, and the outlet took down its website.

Share this story

A black and white graphic showing the Apple logo
Nick Barclay / The Verge

It’s been a little while since we had a high-profile media feed hijacking, but tonight someone sent an Apple News notification from Fast Company containing a racial slur and invitation for a particular sexual act.

Apple has addressed the incident on its Apple News Twitter account, saying that it’s disabled Fast Company’s channel.

The publication confirmed the hack. “Fast Company’s Apple News account was hacked on Tuesday evening. Two obscene and racist push notifications were sent about a minute apart. The messages are vile and are not in line with the content of Fast Company. We are investigating the situation and have suspended the feed and shut down FastCompany.com until we are certain the situation has been resolved.”

An article posted to Fast Company’s website before it disappeared included a message from “postpixel,” describing at length how they were able to execute the attack and deriding attempts to secure the outlet’s publishing tools. The message claims they got in thanks to a password that was shared across many accounts, including an administrator.

“Wow, Fast Company. Despite the public defacement of your site, which boasts millions of visitors, all you did was hastily change your database credentials, disable outside connections to the database server, and fix the articles. What an absolute disgrace of a news source, and one that I would personally avoid due to how little they care about user security.”
Message posted by Fast Company hackers
Image: FastCompany.com

The hackers also pointed to a forum for trading information stolen in security breaches, where they shared the same details, starting with posts made two days ago. The forum post said they’re releasing thousands of employee records, as well as draft posts from the database, but said customer information was stored in a different database that they did not have access to.

Its unclear exactly how many people received the blast, but a look around social media reveals it went out widely. Vox Media staffers who don’t pay for subscriptions to Fast Company say it popped up on their phones as well.

We’ve seen hackers take over Twitter feeds, YouTube channels, press release newswires, and occasionally deface websites, but an Apple News alert takeover may be a first. However, as startup exec Zack Wynegar notes, while the Fast Company message was obscene and offensive, someone with that kind of access could’ve gone another route to manipulate stock markets or crypto prices, similar to the Walmart Litecoin crypto hoax last year.

Update September 27th, 9:45PM ET: Added statements and tweets from Fast Company and Apple News.