The Intercontinental Hotels Group was ‘Hacked for Fun!’

Hackers  carried out a destructive cyber-attack against the Holiday Inn owner Intercontinental Hotels Group (IHG) "for fun". The IT systems of InterContinental Hotels Group IHG), the global hospitality organisation that operates 17 hotel brands around the world, have been compromised, causing ongoing disruption to the corporation's online booking systems and other services.

The hackers, who claim to be Vietnamese got into the firm's databases by using a weak password, 'Qwerty1234' and say they first tried a ransomware attack, then deleted a large amount of data before they were stopped

IHG operates 6,000 hotels around the world, including the Holiday Inn, Crowne Plaza and Regent brands. And recently customers said that there were serious problems with booking and check-in.

For 24 hours IHG responded to complaints on social media by saying that the company was "undergoing system maintenance" and a day or so later IHG said it had been hacked.

The hackers, calling themselves TeaPea, contacted the BBC on the encrypted messaging app, Telegram, providing screenshots as evidence that they had carried out the hack.The images, which IHG has confirmed are genuine, show they gained access to the company's internal Outlook emails, Microsoft Teams chats and server directories.

"Our attack was originally planned to be a ransomware but the company's IT team kept isolating servers before we had a chance to deploy it, so we thought to have some funny [sic]. We did a wiper attack instead," one of the hackers said.

TeaPea say they gained access to IHG's internal IT network by tricking an employee into downloading a malicious piece of software through a booby-trapped email attachment. They also had to bypass an additional security prompt message sent to the worker's devices as part of a two-factor authentication system.

The criminals then say they accessed the most sensitive parts of IHG's computer system after finding login details for the company's internal password vault. "The username and password to the vault was available to all employees, so 200,000 staff could see. And the password was extremely weak," they told the BBC.

Surprisingly, the password was Qwerty1234, which regularly appears on lists of most commonly used passwords worldwide.

IHG is working to fully restore all systems as soon as possible and to assess the nature, extent and impact of the incident. We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG's hotels are still able to operate and to take reservations directly.

BBC:   Star Kenya:    The Register:    Head for PointsViewFromTheWing:   StreetInsider:    Bleeping Computer

You Might Also Read: 

Improve Your Password Security:

 

 

« Google Loses Its Appeal & Must Pay €4.1Billion EU Penalty
Russia Plans To Dominate Military AI »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Acumin Recruitment

Acumin Recruitment

Acumin is an internationally established Cyber Security recruitment specialist.

Linklaters LLP

Linklaters LLP

Linklaters is an international law firm. Practice areas include Information Management and Data Protection.

Snort

Snort

Snort is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.

IP Performance

IP Performance

IP Performance Limited is a leading supplier of customised network infrastructure and security solutions.

British Insurance Brokers’ Association (BIBA)

British Insurance Brokers’ Association (BIBA)

BIBA is the UK’s leading general insurance intermediary organisation. Use the ‘Find Insurance‘ section of the BIBA website to find providers of cyber risk insurance in the UK.

CloudCheckr

CloudCheckr

CloudCheckr is a next-gen cloud management platform that unifies Security & Compliance, Inventory & Utilization and Cost Management.

Nuvias Group

Nuvias Group

Nuvias Group is a specialist value-addedd IT distribution company offering a service-led and solution-rich proposition ready for the new world of technology supply.

CryptoCurrency Certification Consortium (C4)

CryptoCurrency Certification Consortium (C4)

The CryptoCurrency Certification Consortium is a non-profit organization that provides certifications to professionals who perform cryptocurrency-related services.

spriteCloud

spriteCloud

spriteCloud is an independent software testing, test automation and cybersecurity services provider.

Visible Statement

Visible Statement

Visible Statement is a computer-based delivery system designed to insure the retention and recall of your most important security training messages.

Binary Security AS

Binary Security AS

Binary Security is a Norwegian information security consultancy company. We are specialists at application security, penetration testing and secure code reviews.

Anthony Timbers LLC

Anthony Timbers LLC

Anthony Timbers is a cybersecurity consulting and penetration testing firm providing services to the Federal and Commercial sectors nationwide.

Romanian Tech Startup Association (ROTSA)

Romanian Tech Startup Association (ROTSA)

Romanian Tech Startups Association is an umbrella organization that aims to promote, support and represent the interests of tech startups in Romania.

Infoline Tec Group Berhad

Infoline Tec Group Berhad

Infoline Tec Group Berhad is principally involved in providing IT infrastructure solutions, cybersecurity service provider and solutions, managed IT and other IT services.

Axient

Axient

Axient advances defense and civilian missions from aerospace to cyberspace with multi-domain test and analysis, mission engineering and operations, and advanced technologies.

c0c0n

c0c0n

c0c0n is the longest running conferences in the area of Information Security and Hacking, in India.