Two days ago, on September 25th, Fast Company’s website was hacked and publicly defaced, with the hacker bragging about the exploits on a hacking forum. Earlier today, with the website still unsecured, Fast Company’s account sent out more offensive profanity via Apple News. RestorePrivacy has obtained an explanation from the hacker detailing exactly how this transpired.
Two days ago, on September 25th, we noticed a user on a popular hacker forum post about hacking the Fast Company website.
The hacker claimed that Fast Company left “database credentials open to the public,” which provided access to, and data from, the company.
The hacker released the data that was obtained from Fast Company on the hacker forum. Users could purchase the files that the hacker obtained using forum credits. The hacker, who goes by the name of Thrax, had this to say:
I am releasing 6,737 employee records from their WordPress database, among other things such as posts (including unpublished drafts), configurations, and more. We were not able to gain access to customer records as these were likely stored in another database. The data includes emails, password hashes for some users (WordPress format), and a few other things. Hell, I think there’s some Auth0 s*** hidden somewhere if you want to do anything with that.
The hacker also described how he was able to publicly deface the website over the weekend. This was captured on the Wayback Machine here two days ago, on Sunday, September 25th.
Fast Company’s website was publicly