San Francisco airport websites hacked to steal staff passwords, says notice

San Francisco International Airport has confirmed two of its websites were hacked in March as part of an effort to steal staff and contractors’ usernames and passwords.

The airport confirmed in a notice dated April 7 that the two websites, SFOConnect.com and SFOConstruction.com, were “the targets of a cyberattack,” in which the hackers “inserted malicious computer code on these websites to steal some users’ login credentials.” If stolen, these login credentials could have an attacker access to the airport’s network. It’s not known if there were any additional protections in place, such as multi-factor authentication, to prevent a network breach.

The notice added that: “Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by [the airport].”

The notice said the airport pulled the staff-only sites offline and issued a forced password reset on March 23. Both websites are now back up and running.

A spokesperson for San Francisco International Airport did not immediately comment.

It’s not uncommon for attackers to inject code on websites using an existing vulnerability to scoop up entered data, like usernames and passwords or even credit card details.

Two year ago, British Airways’ website saw 380,000 customers’ credit card records stolen when hackers injected malicious code on its website and mobile app. The attack resulted in the largest data breach fine in European history — some $230 million — thanks to the then-newly introduced GDPR regulations.

Meet the Magecart hackers, a persistent credit card skimmer group of groups you’ve never heard of