The New York Post, one of the biggest New York City daily newspapers, said it was hacked on Thursday after several offensive articles and tweets were published to the newspaper's website and Twitter account.
The articles and tweets, which were racist and sexually violent in nature, were pulled a short time later. TechCrunch is not publishing the contents of the tweets, several of which called for the assassination of politicians and public figures.
The New York Post has been hacked. We are currently investigating the cause.
— New York Post (@nypost) October 27, 2022
It's believed the New York Post's content management system, used for publishing stories and articles, was misused to change published story headlines. The offensive tweets were sent via SocialFlow, a popular website plugin used to push stories to social media sites. The tweets also contained links that pointed to web pages on the Post's website, but which were no longer accessible at the time of writing.
Iva Benson, a spokesperson for News Corp., which owns the New York Post, told TechCrunch: "Confirming that the Post was hacked. The vile and reprehensible content posted has been removed, and we're still investigating the cause." Later, the spokesperson claimed an employee was to blame for the "unauthorized conduct," but declined to say what evidence the newspaper had to show that the employee was to blame.
The incident comes weeks after Fast Company's content management system was breached to push offensive Apple News notifications to readers. Fast Company pulled its site down for more than a week to rebuild its systems following the compromise. The hacker, who identified themselves by their handle "Thrax," posted an article on Fast Company's site describing how they found a "ridiculously easy" default password that was used across several accounts, including an administrator, allowing them access to the news outlet's systems.
Updated with additional details from the company's spokesperson.