It’s been a little while since we had a high-profile media feed hijacking, but tonight someone sent an Apple News notification from Fast Company containing a racial slur and invitation for a particular sexual act. They also posted similar content to the outlet’s website, indicating its CMS or an account on it has been compromised, and now the site appears to be offline, showing visitors a 404 error.
Another article posted to Fast Company’s website before it disappeared included a message from “postpixel,” describing at length how they were able to execute the attack and deriding attempts to secure the outlet’s publishing tools. The message posted to Fast Company’s own site claims they got in thanks to a password that was shared across many accounts, including an administrator.
The hackers also pointed to a forum for trading information stolen in security breaches, where they shared the same details, starting with posts made two days ago. The forum post said they’re releasing thousands of employee records, as well as draft posts from the database, but said customer information was stored in a different database that they did not have access to.
Apple and Fast Company haven’t commented on the incident yet, and it’s unclear exactly how many people received the blast, but a look around social media reveals it went out widely. Vox Media staffers who don’t pay for subscriptions to Fast Company say it popped up on their phones as well.
We’ve seen hackers take over Twitter feeds, YouTube channels, press release newswires, and occasionally deface websites, but an Apple News alert takeover may be a first. However, as startup exec Zack Wynegar notes, while the Fast Company message was obscene and offensive, someone with that kind of access could’ve gone another route to manipulate stock markets or crypto prices, similar to the Walmart Litecoin crypto hoax last year.
Should have said something funny like “Elizabeth Holmes raises $120m pre-seed from a16z while in prison” rather than this disgusting message
— Zack Wynegar (@ZackWynegar) September 28, 2022
re: thrax Apple News hack pic.twitter.com/wlJmeNIMyM
Aucun commentaire:
Enregistrer un commentaire