The San Francisco International Airport (SFO) disclosed this week two of its websites had been hacked and lead to the disclosure of some users’ login credentials at both sites. The attacks occurred in March and compromised were SFOConnect.com and SFOConstruction.com, both relatively low-traffic websites.

“The attackers inserted malicious computer code on these websites to steal some users’ login credentials,” according to a message posted to both site’s homepages by the SFO’s Airport Information Technology and Telecommunications (ITT) director. “Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO.”



The notice goes on to state, “[I]t appears the attackers may have accessed the impacted users’ usernames and passwords used to log on to those personal devices.” The airport advises anyone who even visited either website using the Internet Explorer web browser, outside of its managed network, to change the device’s password used to log into the endpoint hardware.

Additionally, SFO representatives forced a reset of all SFO related email and network passwords on Monday, March 23, 2020. It also said the “malicious code was removed from the affected websites.”

The site SFOConstruction.com is dedicated to SFO construction projects and is a clearinghouse for outside third-parties interested bids and contracts tied to work related to the airport. The second compromised site, SFOConnect.com, is an information hub for airport employees to find up-to-date airport security news tied to badges and ground transportation.

Worried about your cloud security in the work-from-home era? On April 23 at 2 p.m. ET, join DivvyCloud and Threatpost for a FREE webinar, A Practical Guide to Securing the Cloud in the Face of Crisis. Get exclusive research insights and critical, advanced takeaways on how to avoid cloud disruption and chaos in the face of COVID-19 – and during all times of crisis. Please register here for this sponsored webinar.