The Intercontinental Hotels Group was subjected to cyberattack; Hackers says they did it “for fun”

By Somya Agrawal Published on September 18, 2022, 00:22 IST

The Intercontinental Hotels Group (IHG), which owns Holiday Inns, was subjected to a severe cyberattack, according to the BBC, which was carried out by hackers who claimed they did it “for fun.” They identify themselves as a couple from Vietnam and claim that after trying a failed ransomware attack, they erased a significant amount of data. They gained access to the databases of the FTSE 100 firm using the carelessly chosen and insecure password Qwerty123.

According to one analyst, the episode shows the vindictive side of criminal hackers. IHG, which has its corporate office in the UK, is in charge of 6,000 hotels that go by the brands Holiday Inn, Crowne Plaza, and Regent. Numerous issues with reservations and check-in were reported by clients on Monday of last week.

In response to criticism on social media over 24 hours, IHG stated that the business was “undergoing system maintenance.” Investors were informed after that that the company had been compromised on Tuesday afternoon. In order to prove their involvement in the intrusion, the hackers communicated with the BBC through the secure messaging app Telegram using the alias TeaPea.

IHG has validated the authenticity of the photos, which demonstrate how they got access to the company’s internal Outlook emails, Microsoft Teams discussions, and server directories.

One of the hackers said to BBC, “Our attack was originally planned to be ransomware but the company’s IT team kept isolating servers before we had a chance to deploy it, so we thought to have some fun. We did a wiper attack instead.”

A wiper cyberattack permanently deletes all files, data, and documents. Vice President of security at Forescout and cybersecurity expert Rik Ferguson said to BBC that the incident should serve as a lesson since, despite the IT team’s best efforts, the hackers were still able to damage the business.

Services may still be spotty, according to IHG, despite the fact that customer-facing systems are getting back to normal. They don’t care about the trouble the hackers gave the business and its clients.

“We don’t feel guilty, really. We prefer to have a legal job here in Vietnam but the wage is an average of $300 per month. I’m sure our hack won’t hurt the company a lot,” said hackers to BBC. Despite their assertions that no client data was taken, the hackers do have certain company data, including email records.

According to TeaPea, they allegedly used a booby-trapped email attachment to trick a worker into installing dangerous malware, giving them access to IHG’s internal IT network. Additionally, as part of the two-factor authentication procedure, they had to get past a new security prompt message that was delivered to the employees’ handsets.

The thieves claim that after discovering the login information for the business’ internal password vault, they were able to gain access to the most confidential portions of IHG’s computer network. The password, which was unexpectedly Qwerty1234, is frequently listed among the most popular passwords worldwide.

They told BBC, “The username and password to the vault were available to all employees, so 200,000 staff could see. And the password was extremely weak.” IHG’s spokesperson denied that the password vault data was susceptible, claiming that the attacker had to get beyond “several layers of security,” but she offered no other details.