SFO Websites Hacked: Airport Discloses Data Breach

San Francisco International Airport notified users of two low-traffic websites of a data breach that occurred in March.

The San Francisco International Airport (SFO) disclosed this week two of its websites had been hacked and lead to the disclosure of some users’ login credentials at both sites. The attacks occurred in March and compromised were SFOConnect.com and SFOConstruction.com, both relatively low-traffic websites.

“The attackers inserted malicious computer code on these websites to steal some users’ login credentials,” according to a message posted to both site’s homepages by the SFO’s Airport Information Technology and Telecommunications (ITT) director. “Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO.”

The notice goes on to state, “[I]t appears the attackers may have accessed the impacted users’ usernames and passwords used to log on to those personal devices.” The airport advises anyone who even visited either website using the Internet Explorer web browser, outside of its managed network, to change the device’s password used to log into the endpoint hardware.

Additionally, SFO representatives forced a reset of all SFO related email and network passwords on Monday, March 23, 2020. It also said the “malicious code was removed from the affected websites.”

The site SFOConstruction.com is dedicated to SFO construction projects and is a clearinghouse for outside third-parties interested bids and contracts tied to work related to the airport. The second compromised site, SFOConnect.com, is an information hub for airport employees to find up-to-date airport security news tied to badges and ground transportation.

Worried about your cloud security in the work-from-home era? On April 23 at 2 p.m. ET, join DivvyCloud and Threatpost for a FREE webinar, A Practical Guide to Securing the Cloud in the Face of Crisis. Get exclusive research insights and critical, advanced takeaways on how to avoid cloud disruption and chaos in the face of COVID-19 – and during all times of crisis. Please register here for this sponsored webinar.

Suggested articles

Discussion

  • OB on

    Wonder what type of malicious code it was, stored XSS or were they actually able to upload an infected file onto the website?

Leave A Comment

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.