Apple News responded by disabling Fast Co.’s channel, and the news outlet opted to shut down all of its sites.
G/O Media may get a commission
Advertisement
In an unverified post on a hacker forum, the alleged perpetrator “Thrax” provided a lengthy explanation of how they conducted the breach, according to RestorePrivacy and Bleeping Computer. The post described how Thrax was able to easily bypass Fast Co.’s security protocols including HTTP authentication and a uniformly used default password of “pizza123.” According to the hacker, they were able to collect email addresses, usernames, and IP addresses from multiple employees as well as create their own account in the CMS with new credentials.
Without providing much detail, Fast Co. reported on Wednesday that it had conducted a thorough investigation of the breach, and determined “no customer or advertiser information was disclosing in connection with the CMS attack, and that we have taken steps to safeguard against further attacks.”