Fast Hack 🔓

The popular business magazine Fast Company is smarting from a brutal hack this week—an incident that highlights the need for stronger security, but also a strong dose of empathy.



Fast Company is a magazine I deeply admire, one that has published lots of fascinating and important stories over the years. It is a publication I think highly of.

Problem is, when you’re deeply admired, that makes you a target—and this week, Fast Company was brutally hacked in a way that will likely take days for the company to resolve, potentially with deep cleanup costs. The hack, conducted by a user named “Thrax,” came about as a result of what the user claims was an extremely-easy-to-hack default password, which allowed the person full access to the administrator accounts, from which point they were able to access sensitive data like API keys and tokens for the company’s Amazon SES email tool.

The magazine, reliant on a WordPress installation, isn’t unlike any other publisher in 2022—just like any other platform, it has a lot of content to manage, employee records to keep safe, and, unfortunately, weak points that can be exploited. Those weak points were exploited, at scale, by the hacker, who sent an obscene message through their Apple News notifications, a situation bad enough that, as of this writing, both Fast Company and its sister publication, Inc., are still down. It is unprecedented in the modern day for a publication to be taken offline by hackers for this long, but the truth is, any organization can face issues like this, depending on their history and track record.

https://twitter.com/FastCompany/status/1574980645868404736

The reason is that, even now, it is far too easy to let security fall to the side, even at organizations that might otherwise have a reason to take it seriously. Twitter, for example, saw its network hacked in 2020 essentially through a set of credentials that were accessible, loosey-goosey, on a Slack channel, giving the hackers access to any number of prominent Twitter accounts.

I don’t think these companies and networks are the exception—unfortunately, weak security practices are widespread, especially when it comes to extremely common CMS platforms like WordPress. Even with tight security, WordPress is still the Windows of content management, and therefore will always have a target on its back.

From a reassuring-readers standpoint, Fast Company unfortunately has a long road ahead, but it is one that will eventually be walked, and even with the cynical messages that might have emerged amid the attack, a little empathy is likely deserved at this time. After all, it’s not hard to imagine your own website and company in Fast Company’s shoes.

What I would recommend that you do, as a reader of Fast Company or Inc., is to show your support to the journalists who have been affected by this brutal incident. This attack is an attempt to silence them for reasons of chaos more than anything else, and we should not reward them by giving in to the cynical snickers. That is, after all, what they want.

The good journalism that these magazines do does not deserve to be damaged by chaos agents. We need to encourage their publisher to invest in security, yes, but at the same time, that should not extend to the reporting. Like any other magazine, Fast Company is doing its best amid tight deadlines and complex publishing schedules.

Empathy is an important tool right now. Use it well.

Time limit given ⏲: 30 minutes

Time left on clock ⏲: 2 minutes, 29 seconds

Ernie Smith

Your time was just wasted by Ernie Smith

Ernie Smith is the editor of Tedium, and an active internet snarker. Between his many internet side projects, he finds time to hang out with his wife Cat, who's funnier than he is.
