IHG data hack was done “for fun”

The cyber attack on the Intercontinental Hotels Group (IHG), which operates the Holiday Inn brand, was reportedly carried out “for fun”.

The perpetrators of the attack, who claimed to be a couple from Vietnam, told the BBC the “attack was originally planned to be a ransomware but the company’s IT team kept isolating servers before we had a chance to deploy it”.

The hackers, who also go by the name of “TeaPea”, then decided to “have some funny” before switching to a “wiper attack”, a type of attack that permanently deletes the victim’s data rather than holding it for ransom.

IHG attack

The full scope of the incident has not yet been revealed. However, IHG said in a statement that its booking channels and other applications had been “significantly disrupted”.

The hackers told the BBC they accessed the company’s most sensitive databases with the widely used password “Qwerty1234”.

Before this, TeaPea gained access to the IHG IT systems by tricking an employee into downloading malicious software via a phishing email.

They also had to bypass an additional security prompt message sent to the worker’s devices as part of a two-factor authentication system.

The hackers maintained that they didn’t steal any customer data, though they did manage to access some corporate data, such as emails, according to the sources.

Despite the attack turning malicious, the original motivations behind it were economic.

“We don’t feel guilty, really,” they told the BBC. “We prefer to have a legal job here in Vietnam but the wage is an average $300 per month.” 

They added: “I’m sure our hack won’t hurt the company a lot.”

In contrast to some of the hackers’ claims, an IHG spokesperson told the BBC that hackers would have needed to evade “multiple layers of security” to get into systems.

She said: “IHG employs a defence-in-depth strategy to information security that leverages many modern security solutions”. 

Wiper attacks are often used by nation states for political ends due to the chaos they can cause.

The US National Security Agency (NSA) has alleged that the Russian government used the “AcidRain” malware to disrupt Viasat’s satellite network via data deletion around the time of its attack on Ukraine.
