Fast Company struggles to kick a hacker out of its content management system days after initial breach.
Yesterday evening, iPhone users may have been surprised to see multiple push notifications from Apple News containing a racist slur and other obscene language. The notifications were triggered by Fast Company’s Apple News account, prompting Apple News to disable the publication’s news channel. As it turns out, a hacker who previously compromised the publication’s WordPress content management system (CMS) was behind the vulgar push notifications.
Breach Forums is a hacking website frequented by cybercriminals who buy and sell stolen data. It’s no surprise, then, that the hacker who compromised Fast Company’s CMS started a thread on Breach Forums announcing the hack and offering up stolen data. The hacker, who goes by the name “thrax,” claims to have stolen 6,737 employee records from the publication’s WordPress database. However, he says that he wasn’t able to access customer information.
According to a second post by thrax, he gained access to Fast Company’s WordPress instance after discovering that the default password was “pizza123” and that at least a dozen accounts still had the default password. One of these accounts was an administrator account, giving the hacker high-level permissions within the publication’s CMS. The hacker then used these privileges to access sensitive information, including authentication tokens, Apple News API keys, Amazon SES secrets, and a Slack webhook.