A Vindictive Vietnamese Couple Hacks IHG's Hotel Chain Data For Fun

IHG was the target of a recent cyberattack by hackers who claimed they only did it for fun.

The Intercontinental Hotels Group (IHG), which owns Holiday Inn, was the target of a cyberattack by hackers who claimed they did it "for fun," according to a report by BBC.

They identify as a couple from Vietnam and claim that after trying a ransomware attack, which was unsuccessful, they erased a significant amount of data from the company.

They were able to access the databases of the FTSE 100 company by using the simple password Qwerty1234. According to an expert, the instance shows the vengeful side of the criminal hackers.

International Arrivals Resume Into Melbourne As Victoria Introduces New Hotel Quarantine Measures
MELBOURNE, AUSTRALIA - APRIL 08: A general view of the Holiday Inn at Melbourne Airport, one of the hotels to be used for hotel Quarantine on April 08, 2021 in Melbourne, Asanka Ratnayake/Getty Images)

Hacking IHG

IHG, a UK-based company, runs 6,000 hotels globally under the Regent brands Holiday Inn, and Crowne Plaza. Customers experienced extensive issues with booking and check-in on Monday of last week.

IHG replied to backlash on social media for 24 hours by stating that the business was "undergoing system maintenance." The company then informed investors that their system had been hacked on Tuesday afternoon.

In a formal notice filed with the London Stock Exchange, the company stated that their booking channels and other applications had been greatly affected since yesterday.

In order to prove their involvement in the breach, the hackers, going by the handle TeaPea, contacted the BBC using the secure messaging service Telegram.

IHG has confirmed that the photos are real, demonstrating how they could access the organization's internal Outlook emails, Microsoft Teams discussions, and server directories.

Vice-president of security at Forescout and cyber-security expert Rik Ferguson said the case should serve as a lesson since, despite the company's IT team's initial success in thwarting the hackers, they still managed to find a way to break in.

"The hackers' change of tactic seems born out of vindictive frustration, they couldn't make money so they lashed out, and that absolutely betrays the fact that we are not talking about 'professional' cybercriminals here," Fergurson told BBC.

Not Guilty

The hackers also told BBC that they are not guilty of causing the disruption and claimed that their hack "won't hurt the company a lot."

Although the hackers claim that no client data was taken, they do possess certain business data, such as email records.

According to TeaPea, they tricked an employee into downloading malicious software through a booby-trapped email attachment, which gave them access to IHG's internal IT network.

Additionally, as part of the two-factor authentication process, they had to get around a separate security prompt message that was delivered to the devices of the employees.

The hackers claim that after discovering login information for the business' internal password vault, they gained access to the most private parts of IHG's computer network.

More interestingly, the password was Qwerty1234, which is frequently regarded as one of the most commonly used passwords in the world. An IHG spokesperson denied that the password vault information was unsecured, claiming that the attacker had to get beyond several layers of security.

This article is owned by Tech Times

Written by Joaquin Victor Tacla

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics