The Intercontinental Hotels Group (IHG), which owns Holiday Inns, was the target of a disastrous cyberattack by hackers who claimed they were doing it "for fun", according to the BBC.
They claim to have deleted significant amounts of data after they attempted a ransomware attack that identified themselves as a couple from Vietnam and failed.
Using the simple and insecure password Qwerty1234, they were able to access the databases of the FTSE 100 company.
According to one expert, the example shows the vengeful side of criminal hackers.
A UK-based company, IHG operates 6.000 hotels worldwide under the names Holiday Inn, Crowne Plaza and Regent. Customers had extensive issues with booking and check-in on Monday last week.
IHG responded to the criticism on social media by stating that the business is "under system maintenance" around the clock.
The company later informed investors that it was hacked on Tuesday afternoon.
In the official announcement made to the London Stock Exchange, it was stated that “reservation channels and other applications have been significantly affected since yesterday”.
It was seen that the warnings were reflected on the London Stock Exchange as follows.
- Internet attack on Holiday Inn hotels
- A payment hack affected Holiday Inn hotels.
To prove they were involved in the breach, the hackers using TeaPea contacted the BBC using the secure messaging service Telegram.
IHG has confirmed that the photos are real. It shows how they can access the organization's internal Outlook email, Microsoft Teams discussions, and server directories.
“The company's IT team originally intended our attack to be a ransomware attack, but they continued to isolate the servers before we launched it, so we decided to have some fun instead. Instead, we launched a wiper attack,” one of the hackers explained.
A data wipe attack is a type of cyber attack that permanently deletes files, data, and documents.
Rik Ferguson, vice president of security and cybersecurity specialist at Forescout, said the incident should be a lesson because even if the company's IT team initially managed to fend them off, hackers can still do harm.
"The hackers' change of strategy appears to be the result of a resentful revenge," he said. They are frustrated that they can't make money and this clearly shows that they are not "professional" cybercriminals. IHG says customer-facing systems are back to normal, but services can also be irregular.
The disruption that hackers have caused to the business and its customers doesn't make them feel bad.
“We really don't feel bad. Although the average monthly salary in Vietnam is $300, we would prefer to have a legal job. Our hack won't do much damage to the business, I'm sure.”
Although the hackers claim that no customer data was retrieved, they do have certain business data, including email records.
According to TeaPea, they tricked an employee into downloading malware via a booby-trapped email attachment that gave access to IHG's internal IT network.
Additionally, as part of the two-factor authentication process, employees had to bypass a separate security prompt message sent to their devices. The thieves claim to have gained access to the most private parts of IHG's computer network after discovering the login information for the business's internal password vault.
“All employees had access to the safe's username and password, which made the safe visible to 200.000 staff. Moreover, the password was really weak” they informed the BBC.
Unexpectedly, the password was Qwerty1234, which frequently makes up lists of the most popular passwords used worldwide.
After viewing the screenshots, Mr Ferguson said, “Sensitive data should only be accessible to personnel who need access to it to do their job. “They must have the lowest required level of access to use this data.”
If a password is left exposed, it is just as insecure as a simple password.
An IHG spokesperson denied that the password vault information was insecure and claimed that the attacker needed to go beyond "several layers of security", although he did not provide details. “IHG uses a defense-in-depth approach to information security that leverages a number of contemporary security solutions.