While it's not clear what the motivation was behind this attack, the two sites appear to have relied on single-sign-on authentication, which made them more susceptible to this type of hacking, says Fausto Oliveira, principal security architect at security firm Acceptto.
"The SFOConstruction.com website requires a registration code that is published on the website itself, hardly an effective measure to prevent account takeover on first use and something that can be exploited easily by threat actors using low effort social engineering attacks," Oliveira tells Information Security Media Group. "Likewise, SFOConnect.com reveals data that helps understand the makeup of the information hosted, and there is a SharePoint website that contains airport commission information. This type of data should never be exposed to unauthenticated users."
Oliveira says that even a simple two-factor authentication process may have stopped some of the data from being exposed.