A major security lapse at the Stewart International Airport in New York exposed sensitive internal data onto the open internet without any kind of password protection, compromising it for almost a year. Reportedly, the data was over 750GB of sensitive materials and was uncovered by Chris Vickery, a MacKeeper security researcher.
The New York Airport Serves Hundreds Of Thousands Of Passengers Every Year.
Apparently, the internet-connected storage drive had several backup images of servers used by the New York Airport, but all of these could easily be accessed by anyone since neither the backup drive nor the disk images were protected by a password. In fact, it was known that the leaked data included 107GB-worth of personal email correspondence from within the New York Airport, in addition to several letters from the Transportation Security Administration.
What many considers as the most delicate detail about this situation is that the New York Airport, which is about 60 miles north of Manhattan, serves hundreds of thousands of passengers each single year, and is constantly used by the military. Also, this airport is well known in the U.S. for accommodating charter flights of high-profile people, including dignitaries from other nations.
Two Factors Played A Major Role In This Incident
The data breach at the New York Airport has been blamed on a mixture of two situations: on one hand, the airport experimentation with a backup software known as "Shadow Protect", and on the other, the use of a secondary backup device know as Buffalo Terastation, which has been so problematic that it has been at the centre of previous breaches.
Another important detail about this situation was that two researchers confirmed that there was a file that contained a list of passwords for the New York Airport systems. According to the Port Authority of New York and New Jersey, there was no indication of a direct breach and it is quite possible that the backup file didn't contain passengers' data.