Two San Francisco International Airport (SFO) websites have been targeted by cyber criminals.
On April 7, SFO revealed that SFOConnect.com and SFOConstruction.com were attacked in March 2020. The attackers inserted malicious computer code on these websites to steal some users’ login credentials.
Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO.
According to SFO’s statement, it appears the attackers may have accessed the impacted users’ usernames and passwords used to log on to those personal devices.
The malicious code was removed from the affected websites and both SFOConnect.com and SFOConstruction.com were taken offline. The airport also forced a reset of all SFO related email and network passwords.
SFO advises those who visited either website outside of SFO’s managed networks and using Internet Explorer on a Windows-based device to change their password used to log in to that device. In addition, they should also consider changing any credentials that use the same username and password
combination.