Latest in Gear

Image credit:

Security error leaves NY airport servers unprotected for a year

The backup storage drive hadn't been password-protected since April.
David Lumb, @OutOnALumb
February 24, 2017
Share
Tweet
Share

Sponsored Links

Michael H

In this day and age, hacks and subsequent leaks of user data would seemingly shock everyone into keeping their security up to date. Not so for New York's Stewart International Airport, located 60 miles north of Manhattan, which left its server backup drives exposed to the internet. They were apparently misconfigured back in April 2016 and were left wide open without password protection until now.

The 760 GB of exposed data included TSA letters of investigation, social security numbers, internal airport schematics and emails, according to Chris Vickery, lead researcher from MacKeeper Security Center. He'd discovered the lapse, noting that the backup drive "was, in essence, acting as a public web server." If someone had found their way in, they could access a particular file with usernames and passwords for various devices and systems, which security experts confirmed to ZDNet would open up every component of the airport's internal network to a malicious user.

Apparently, the Port Authority of New York and New Jersey contracts out management of Stewart Airport to a private company called AvPORTS, which uses a single IT professional to set up and maintain its networks. Obviously, having one person show up twice a month per location to make sure each IT setup is watertight presents opportunities for lapses that go unnoticed. A Port Authority spokesperson noted that an investigation was ongoing, but that no information was believed to have been compromised during the near year-long exposure.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

The redesigned Tesla Model S interior swaps in a steering yoke

The redesigned Tesla Model S interior swaps in a steering yoke

View
Discord bans Reddit’s WallStreetBets for hate speech as scrutiny intensifies

Discord bans Reddit’s WallStreetBets for hate speech as scrutiny intensifies

View
Tesla's Cybertruck is on track for volume production in 2022

Tesla's Cybertruck is on track for volume production in 2022

View
US arrests far-right Twitter troll for 2016 election interference

US arrests far-right Twitter troll for 2016 election interference

View
Amazon’s motorized Echo Show 10 goes on sale February 25th

Amazon’s motorized Echo Show 10 goes on sale February 25th

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr