October 14, 2022

Fast Company, an American business magazine, has confirmed that the personal information of its board members was not stolen in a cyberattack that forced the company to shut down its website.

However, the company said that the attacker stole contributor credentials and put them up for sale online after hacking its content management system.

Fast Company’s Executive Board is an invitation-only network of company founders, executives and executives that enables them to connect with peers and publish on FsstCompany.com.

“The hacked downloaded Fast Company contributor usernames and passwords and made the obtained information available for purchase on the web site called Breach Forums. Thankfully, Fast Company Executive Board member information is protected in a separate database. Personal information was not compromised in the cyberattack,” Fast Company said in a notification.

Fast Company was forced to take its website offline after it was defaced to show “Hacked BT Vinny Troia. [redacted] tongue my [redacted]. Thrax was here,” messages instead of the usual headlines. The hack message therefore linked it to the Breached hacking community whose members are known to deface websites and link them to security researcher Vinny Troia.

The threat actors claim they stole Autho tokens, Apple News API keys and Amazon SES secrets that have helped create CMS administrator accounts later used to push Apple News notifications.

The sources for this piece include an article in BleepingComputer.