The San Francisco International Airport has reported a cyberattack on two of its websites namely SFOConnect.com and SFOConstruction.com, said Bleeping Computer. The hacking, which occurred in March this year, resulted in travelers’ sensitive data being compromised.
In a notice of data breach sent by SFO and cited by Bleeping Computer, the attackers used a “malicious computer code” on the airports’ associated websites. Reportedly, the goal of the hackers was to “steal some users’ login credentials.”
According to the letter, which was sent to SFO Airport commission staff, victims of the hack could include users who visited the two websites even without connecting to the airport network.
Bleeping Computer noted that the airport is one of the largest ports in the country, with flights throughout North America. It has 86 United States cities. It also has flights to Europe and Asia.
Only users who accessed the sites through Internet Explorer using a device with a Windows operating system are affected. However, the letter noted that any access done using IE on a device not maintained by SFO could also be compromised.
Moreover, the airport management believes that the hackers have stolen sensitive data namely usernames and passwords. These credentials are linked with personal devices and are used to log on to such personal systems.
To address the problem, SFO has taken the two compromised websites offline. The airport management also assured users that it has removed the malicious code. All users with SFO related accounts were also compelled to change their passwords.
Network passwords around the airport have also been changed on March 23, 2020.
A report by Forbes cited cyber training and awareness firm Lucy Security CEO Colin Bastable, saying that SFO airport commission’s biggest risk is “from their employees using official email addresses for personal business on sites like Zynga and Myfitnesspal.”
Bastable studied 8,000 compromised credentials and found SFO-related email addresses. This could have caused the breach, said Bastable.
Those who accessed SFOConnect.com and SFOConstruction.com are advised to change their credentials. Any account with the affected username and password should also be changed for good measure.
Bleeping Computer reported that SFOConnect is currently working, while SFOConstruction has only made portions of the site accessible. For some parts, the site says that the “full website is under maintenance and will be back up as soon as possible.”
As of this writing, SFOConstruction merely redirects to a page at FlySFO informing visitors about the data breach.