San Francisco International Airport (SFO) is, during normal times, the seventh busiest airport in the United States. It has also now confirmed that hackers managed to compromise two of its websites during a cyber-attack, and likely steal users' Windows login credentials. In a notice of data breach statement, SFO has warned potentially impacted users to change their Windows passwords accordingly.
According to that notice of data breach, which was first reported by Bleeping Computer, the two websites, SFOConnect.com and SFOConstruction.com, were attacked in March. Hackers managed to inject malicious code into the websites in order to "steal some users' login credentials."
Interestingly, it would appear that the hackers were not after the credentials used to login to the websites themselves, used to distribute information to the SFO workforce and data on construction projects, respectively, but rather their Windows device credentials.
The users impacted by the cyber-attack, the SFO breach notice said, were those "accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO." The data impacted, SFO said, looks like the usernames and passwords to login to those personal Windows devices.