Fast Company is a magazine I deeply admire, one that has published lots of fascinating and important stories over the years. It is a publication I think highly of.
Problem is, when you’re deeply admired, that makes you a target—and this week, Fast Company was brutally hacked in a way that will likely take days for the company to resolve, potentially with deep cleanup costs. The hack, conducted by a user named “Thrax,” came about as a result of what the user claims was an extremely easy-to-hack default password, which allowed the person full access to the administrator accounts, from which point they were able to access sensitive data like API keys and tokens for the magazine’s Amazon SES email tool.
The magazine, reliant on a WordPress installation, isn’t unlike any other publisher in 2022—just like any other platform, it has a lot of content to manage, employee records to keep safe, and, unfortunately, weak points that can be exploited. Those weak points were exploited, at scale, by the hacker, who sent an obscene message through their Apple News notifications, a situation bad enough that, as of this writing, both Fast Company and its sister publication, Inc., are still down. It is unprecedented in the modern day for a publication to be taken offline by hackers for this long, but the truth is, any organization can face issues like this, depending on their history and track record.
https://twitter.com/FastCompany/status/1574980645868404736
The reason is that, even now, it is far too easy to let security fall to the side, even at organizations that might otherwise have a reason to take it seriously. Twitter, for example, saw its network hacked in 2020 essentially through a set of credentials that were accessible, loosey-goosey, on a Slack channel, giving the hackers access to any number of prominent Twitter accounts.
I don’t think these companies and networks are the exception—unfortunately, weak security practices are widespread, especially when it comes to extremely common CMS platforms like WordPress. Even with tight security, WordPress is still the Windows of content management, and therefore will always have a target on its back.
From a reassuring-readers standpoint, Fast Company unfortunately has a long road ahead, but it is one that will eventually be walked, and even with the cynical messages that might have emerged amid the attack, a little empathy is likely deserved at this time. After all, it’s not hard to imagine your own website and company in Fast Company’s shoes.
What I would recommend that you do, as a reader of Fast Company or Inc., is to show your support to the journalists that have been affected by this brutal incident. This attack is an attempt to silence them for reasons of chaos more than anything else, and we should not reward the attackers by giving in to the cynical snickers. That is, after all, what they want.
The good journalism that these magazines do does not deserve to be damaged by chaos agents. We need to encourage their publisher to invest in security, yes, but at the same time, that should not extend to the reporting. Like any other magazine, Fast Company is doing its best amid tight deadlines and complex publishing schedules.
Empathy is an important tool right now. Use it well.
Time limit given ⏲: 30 minutes
Time left on clock ⏲: 2 minutes, 29 seconds