[BreachExchange] San Francisco Intl Airport discloses data breach after hack

Destry Winant destry at riskbasedsecurity.com
Mon Apr 13 10:09:42 EDT 2020


San Francisco International Airport (SFO) disclosed a data breach
after two of its websites, SFOConnect.com and SFOConstruction.com,
were hacked during March 2020.

According to a notice of data breach sent to all SFO Airport
commission employees via an internal memo, the attackers may have
gained access to the login credentials of users registered on the two
breached sites.

San Francisco International Airport is Bay Area's largest airport and
it currently offers flights throughout North America with non-stop
connections to 86 cities in the U.S. on 12 domestic airlines.

SFO is also a major gateway to Europe and Asia with flights to over 50
international cities via 45 international carriers.

Attackers injected malicious code to steal credentials

"SFOConnect.com and SFOConstruction.com were the targets of a
cyberattack in March 2020," the memo reads.

"The attackers inserted malicious computer code on these websites to
steal some users’ login credentials."

"Users possibly impacted by this attack include those accessing these
websites from outside the airport network through Internet Explorer on
a Windows-based personal device or a device not maintained by SFO."

After investigating the incident, SFO discovered that the attackers
might have gained access to the affected users' usernames and

SFO removed the malicious code injected within the two compromised
websites and took them offline after discovering the attack.

Airport reset all email and network passwords

"The airport also forced a reset of all SFO related email and network
passwords on Monday, March 23, 2020," the data breach alert adds.

SFO recommends all users to change their Windows devices' account
passwords if they visited the two sites using Internet Explorer from
and outside of the airport's managed networks.

They are also urged to change credentials from other online services
or websites that use the same username and password combination.

While the SFOConnect is now up and running, SFOConstruction is only
displaying part of the content and it says that the "full website is
under maintenance and will be back up as soon as possible."

BleepingComputer has reached out to a San Francisco International
Airport spokesperson for additional comments. This article will be
updated if a response is received.

More information about the BreachExchange mailing list