Hacker Exploits Apple News to Send Obscene Push Alert

pcmag.com:

A hacker managed to send racist, obscene messages to numerous Apple News users on Tuesday night by infiltrating the online systems at the business magazine Fast Company. 

The hacker abused the push notification function on Fast Company’s Apple News account to send out the offensive message, which contained the n-word and sexual language. The message was also signed “Thrax was here.” 

In response, Apple says(Opens in a new window) Fast Company was hacked and promptly disabled the magazine’s channel on Apple News. 

Fast Company also published a statement(Opens in a new window) confirming the breach. The hacker hijacked the magazine's content management system on Tuesday evening. “As a result, two obscene and racist push notifications were sent to our followers in Apple News about a minute apart,” the magazine said. 

The hacker also had access to content posted on Fast Company’s main website. This led the culprit to also post a similar offensive message on Fastcompany.com and other pages. 

“The messages are vile and are not in line with the content and ethos of Fast Company. We are investigating the situation and have shut down FastCompany.com until the situation has been resolved,” the magazine said. The FastCompany.com site continues to remain down; visiting it will result in a “404 Not Found” error message. 

While they had access, the hacker behind the breach apparently uploaded an article(Opens in a new window) to Fast Company's website, which allegedly details how the hijacking occurred. The article claims Fast Company hosted its articles over WordPress. However, the WordPress accounts were secured with a default password “pizza123.”

Fast Company didn’t immediately respond to a request for comment.

Sign up for Security