SecureAuth Named a Leader in KuppingerCole Leadership Compass Report for Customer Identity and Access Management

Hackers Breach San Francisco Airport Websites

Dr. Abdulrahman Kaitoua
May 01, 2020

Get the latest from the SecureAuth Blog

While it’s not clear what the motivation was behind this attack, the two sites appear to have relied on single-sign-on authentication, which made them more susceptible to this type of hacking, says Fausto Oliveira, principal security architect at security firm Acceptto.

“The website requires a registration code that is published on the website itself, hardly an effective measure to prevent account takeover on first use and something that can be exploited easily by threat actors using low effort social engineering attacks,” Oliveira tells Information Security Media Group. “Likewise, reveals data that helps understand the makeup of the information hosted, and there is a SharePoint website that contains airport commission information. This type of data should never be exposed to unauthenticated users.”

Oliveira says that even a simple two-factor authentication process may have stopped some of the data from being exposed.

Read the full article here

Related Stories

Pin It on Pinterest

Share This