San Francisco International Airport (SFO) disclosed a data breach, its websites SFOConnect.com and SFOConstruction.com were hacked last month.

In March hackers compromised two websites of San Francisco International Airport (SFO) and now it disclosed a data breach. SFO is a major gateway to Europe and Asia, it serves 45 international carriers.

The attackers may have gained access to some users’ login credentials after deploying malware on both websites.

“The attackers inserted malicious computer code on these websites to steal some users’ login credentials,” reads a message posted to both site’s by the SFO’s Airport Information Technology and Telecommunications (ITT) director. “Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO.”

Malicious Code

Hackers may have accessed the impacted users’ credentials and used them to log on to those personal devices. The SFO ITT urges anyone who even visited either website using the Internet Explorer web browser to change the device’s password.

The IT staff at the SFO has already removed the malicious code injected within its websites and took both offline after the attack.

In response to the incident, the SFO Airport reset all email and network passwords.

“The malicious code was removed from the affected websites. SFOConnect.com and SFOConstruction.com were taken offline. The airport also forced a reset of all SFO related email and network passwords on Monday, March 23, 2020.” continues the data breach notice.

At the time of writing, the SFOConnect is up and running, SFOConstruction points to a copy of the Notice of Data Breach stored on an S3 bucket.

Pierluigi Paganini