San Francisco International Airport (SFO) revealed about a data breach in which two websites affiliated with the airport were compromised last month. The attack allowed the hackers to attain device login credentials from users who visited these sites.
The affected websites are SFOConnect.com, that provides informational content to the SFO workforce, and SFOConstruction.com, which includes details on airport construction projects, bids and contracts.
SFO published a notification online stating that the data breach may have affected users who explicitly accessed the two websites outside the airport network using an Internet Explorer browser installed on a personal Windows device not maintained by SFO.
The breach notification states that the hackers stole device credentials and not website credentials which is usually the normal scenario in such breaches. The attackers may have accessed the affected users’ usernames and passwords used to log on to those personal devices.
The notification also says that the malware was removed and both sites were shut down after the discovery of the breach. SFOConnect.com started running now providing the visitors COVID-19 support resources. However, SFOConstruction.com is still under maintenance.
SFO also reported that on March 23 it enforced a reset for any SFO-related email and network passwords, apparently in case any victims use the same stolen credentials for email and network connectivity as well.
SFO advises all users to change their Windows devices’ account passwords if they visited the two sites using Internet Explorer from and outside of the airport’s managed networks.
Also, the users are highly recommended to change credentials from other online services or websites that use the same username and password.