After eight long days, the Fast Company website is back online. The digital arm of the business magazine shut down for more than a week after a cyberattack pushed obscene notifications to Apple News users that followed Fast Company.
Even worse, the attack was made possible by extremely lax password security, which the hackers insisted featured embarrassingly easy-to-guess login credentials.
The attack is a stark reminder for businesses of all sizes that passwords are the first line of defense against these kinds of hacks and that shoring up your security could save you millions.
The Fast Company Website Shut Down for Eight Days
On Tuesday, September 27th, Apple News users that followed Fast Company received an obscene and offensive push notification, which we will not repeat on Tech.co, although a quick Twitter search will likely help you find it if you absolutely need to see it. The message was naturally the result of a cyberattack, which Fast Company confirmed in a statement:
“Fast Company’s Apple News account was hacked on Tuesday evening. Two obscene and racist push notifications were sent about a minute apart. The messages are vile and are not in line with the content of Fast Company. We are investigating the situation and have suspended the feed and shut down FastCompany.com until we are certain the situation has been resolved.”
The hack was just the beginning, though. The attacker — who went by the moniker “Thrax” in the initial notification — also gained access to the Fast Company CMS via WordPress. This allowed them to view everything from unpublished drafts to company records, including email addresses and passwords of more than 6,000 employees.
Fast Company shut down its website to mitigate the damage, as well as the websites of the other publications it owns, including Inc.com and Mansueto.com.
How Did Fast Company Get Hacked?
In 2022, cybercriminals are extremely knowledgeable, employing advanced tactics to gain access to secure databases that house valuable company and employee information.
However, this cybercriminal didn't need to do all that, as Fast Company reportedly relied on extremely lax password security to keep its information safe, with passwords the hacker was able to guess.
The hacker posted a message stating that Fast Company utilized unbelievably easy-to-guess passwords to secure its WordPress CMS and, even worse, reused the same password across multiple accounts. This gave the attacker access to a wide range of data, including the Apple News API, which allowed them to send the push notification to users.
It's not the first time we've heard of an attack stemming from an easy-to-guess password. Just a few weeks ago, the hotel chain InterContinental Hotels Group was infiltrated due to using the password 'Qwerty1234'.
The Importance of Password Security
While shutting down a major publication for more than a week may sound like a worst-case scenario, the reality is that security breaches like this one almost always have dire consequences. In fact, one study found that data breaches cost the average business around $10 million, so shoring up your security could have a serious impact on your bottom line.
If we've said it once, we've said it a thousand times: password security is vitally important for businesses in 2022. Until we finally go passwordless, which is certainly still a way off, you need to make sure your accounts are adequately secured with long, unique passwords that can't be guessed by a random hacker.
Password best practices remain hard to follow, though. With all those accounts, it can be impossible to come up with unique options for each one. Fortunately, password managers are designed to do just that, as well as offering other security features that can keep your business safe.