top of page
Writer's picturealvin gitonga

Hacker ConfessionšŸ˜ˆ: How they breached Fast Companyā€™s site šŸ˜

Updated: Dec 16, 2022

CyberMorans,

Fast Company took its website offline after it was hacked to display stories and push out Apple News notifications containing šŸ¤¬ obscene and racist comments. Yesterday, the hacker shared how they allegedly breached the site šŸ¤­

Fast Company is a monthly American business magazine published in print and online that focuses on technology, business, and designšŸ˜›

The site today shows a statement from the company confirming they were hacked on Sunday afternoon, followed by an additional hack on Tuesday evening that allowed hackers to push out racist notifications to mobile devices via Apple News.

"Company's content management system was hacked on Tuesday evening. As a result, two obscene and racist push notifications šŸ¤¬ were sent to our followers in Apple News about a minute apart,"šŸ„¶ reads a statement on Fast - Company's website. The messages are vile and are not in line with the content and ethos of Fast Company. We are investigating the situation and have shut down FastCompany.com until the situation has been resolved." šŸ˜µ

The obscene Apple News notifications were quickly reported by users on Twitter šŸ¤¬, leading Apple News to disable Fast Company's channel on the news service šŸ¤¢


Earliest signs that Fast Company was breached occurred Sunday afternoon when the site's home page began filling up with stories titled "Hacked by Vinny Troia. ********** tongue my ********. Thrax was here.' šŸ¤¢šŸ‘æ


Members of the Breached hacking community, and the now shut down RaidForums, have a long-standing feud with security researcher Vinny Troia where they commonly deface websites and perform hacks, which they blame on the researcheršŸ§


Fast Company took the site offline for some time to fix the defacement but was hacked again on Tuesday night. This time the hacker pushed out Fast Company notifications through Apple News that contained similar obscene and racist comments as the website defacement šŸ˜²

Ā 

Hackers tell how they breached Fast Company

Based on the mention of "Vinny Troia" in the defacements, it is not surprising to see a Breached hacking forum member named 'Thrax' sharing information about how they allegedly hacked Fast Company's website.šŸ˜²

The hackeršŸ˜ˆ claims they were able to breach Fast Company after they discovered a WordPress instance used by the company for their website.

This WordPress instance was allegedly secured using HTTP basic authentication that was bypassedšŸ’€. The threat actor then say they gained access to the WordPress CMS using a very easy default password that was used on "dozens" of accounts šŸ’€

From there, they say they were able to steal Auth0 tokens, Apple News API keys, and Amazon SES secretsšŸ’€

Using these tokens, they claim to have created administrator accounts on the CMS systems, which were used to push out the notifications to Apple NewsšŸ’€

Sourced: Bleepingcomputer

Ā 

Conclusion

Subscribe to receive notifications of similar posts šŸ˜‹ where we will be reverse engineering malware and the technical aspect of vulnerabilities as well as how an attacker may use this vulnerability as an attack vector and other Infosec stuff...šŸ˜‹


Morans,


Thank you for your time, Like and leave a comment/review and as always, stay awesome! šŸ˜‹šŸ‘Š šŸ’Ŗ





26 views0 comments

Commentaires


Post: Blog2_Post
bottom of page