Apple News: a publisher hacked via the platform, but the security of the service would not be in question

AppleNews is there really a publishing platform as secure as Apple claims? One could at first sight doubt it after readers of Fast Company (on Apple News therefore) received two racist and sexist push notifications following an act of hacking. The publisher of Fast Company hastened to notify the attack while adding that his Apple News account had been hacked, information quickly confirmed by Apple.

If we left it at that, there is no doubt that it would be legitimate to consider that Apple News is a nice sieve, except that a more global explanation of the facts would bring a big nuance. We indeed learn that the Fast Company hacker committed his first misdeed not by directly attacking Apple News but by infiltrating the Fast Company site using the good old method of “social hacking”; it turns out that a password for accessing the site was widely shared between several employees of the publisher, including… an administrator account (which therefore has all the rights on the system). It was only once there that the hacker was able to recover the Apple News login credentials used by Fast Company.

Finally, note that since the hacking of his Apple News account, the Fast Company site has been temporarily closed.