Latest in Gear

Image credit: Michael H

Security error leaves NY airport servers unprotected for a year

The backup storage drive hadn't been password-protected since April.
1669 Shares
Share
Tweet
Share
Save

Sponsored Links

Michael H

In this day and age, hacks and subsequent leaks of user data would seemingly shock everyone into keeping their security up to date. Not so for New York's Stewart International Airport, located 60 miles north of Manhattan, which left its server backup drives exposed to the internet. They were apparently misconfigured back in April 2016 and were left wide open without password protection until now.

The 760 GB of exposed data included TSA letters of investigation, social security numbers, internal airport schematics and emails, according to Chris Vickery, lead researcher from MacKeeper Security Center. He'd discovered the lapse, noting that the backup drive "was, in essence, acting as a public web server." If someone had found their way in, they could access a particular file with usernames and passwords for various devices and systems, which security experts confirmed to ZDNet would open up every component of the airport's internal network to a malicious user.

Apparently, the Port Authority of New York and New Jersey contracts out management of Stewart Airport to a private company called AvPORTS, which uses a single IT professional to set up and maintain its networks. Obviously, having one person show up twice a month per location to make sure each IT setup is watertight presents opportunities for lapses that go unnoticed. A Port Authority spokesperson noted that an investigation was ongoing, but that no information was believed to have been compromised during the near year-long exposure.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1669 Shares
Share
Tweet
Share
Save

Popular on Engadget

Spotify may be in talks to buy culture outlet The Ringer

Spotify may be in talks to buy culture outlet The Ringer

View
Boeing finds another software flaw that might delay 737 Max's return

Boeing finds another software flaw that might delay 737 Max's return

View
Law enforcement is using a facial recognition app with huge privacy issues

Law enforcement is using a facial recognition app with huge privacy issues

View
Microsoft will fix an Internet Explorer security flaw under active attack

Microsoft will fix an Internet Explorer security flaw under active attack

View
Hitting the Books: Hackers can convince your IoT devices to betray you

Hitting the Books: Hackers can convince your IoT devices to betray you

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr