This is the day and age of hacks and leaks. With every single person on the net trying their best to keep their security up to date. This simple philosophy was not followed by New York’s Stewart International Airport, located 60 miles north of Manhattan. They accidentally left their server exposed for almost a year. Before realizing that there was apparently a misconfiguration of server way back in April 2016. That left the server without any password protection till now.
760GB of exposed data
There was almost 760GB of exposed data. This data included social security numbers, TSA letters of investigation, emails and internal airport schematics. MacKeeper Security Center’s lead researcher Chris Vickery said that “I discovered the lapse, noting that the backup drive “was, in essence, acting as a public web server.” If someone had found their way in, they could access a particular file with usernames and passwords for various devices and systems.” Security experts confirmed to ZDNet that this mistakes could open up every component of the airport’s internal network to a malicious user.
Online security of Stewart Airport was contracted out to a private company called AvPORTS and they used only one IT professional to set up and maintain the whole network. So one person showing up twice a month is surely not optimal for the security of an airport. Because of these lapses, the mistakes went unnoticed for this long. An investigation is ongoing to measure the damage and find people who are responsible.