Fast Company’s website was restored eight days after it was taken offline due to a cyberattack. The business publication was hacked on September 25th, but it wasn’t until the second security breach on September 27th that drastic measures were required to contain the situation.
In late September, Apple News subscribers who were subscribed to Fast Company received a couple of obscene push notifications containing racial slurs.
The bad actors had also defaced the website with obscene and racist messages and revealed how they had gained access to the publication.
They claimed that Fast Company used a simple password for its WordPress CMS and reused it for other accounts.
They were able to obtain the company’s Apple News API keys, as well as authentication tokens that gave them access to employee names, email addresses, and IP addresses, from there.
A user named “Thrax” posted a database dump with 6,737 employee records, including emails, password hashes for some of them, and unpublished drafts, among other details, in a forum linked to by the hackers on the defaced website.
Fast Company editor-in-chief Brendan Vaughan wrote in a new post announcing the publication’s return that no customer or advertiser information was compromised as a result of the hack.
While an investigation was underway, the main Fast Company website, its corporate site Mansueto.com, and its sister site Inc.com were all unavailable for eight days.
During that time, the publication also shared content on LinkedIn, Instagram, Facebook, TikTok, and Medium.
Vaughan did not go into specifics about the investigation’s findings, except to say that no customer or advertiser data was compromised and that the publication has “taken steps to safeguard against further attacks.”