September 19, 2022

TeaPea hackers said they had carried out a destructive cyberattack on the owner of Holiday Inn Intercontinental Hotels Group (IHG) “for fun.”

Describing themselves as a Vietnamese couple who tried a ransomware attack before deleting large amounts of data when their attempts failed, they gained access to the FTSE 100 company’s databases using an easily discovered and weak password, Qwerty1234.

The hackers claimed to have gained access to IHG’s internal IT network by tricking an employee into downloading malicious software through a busted email attachment, and by bypassing an additional security request sent to the employee’s devices as part of a two-factor authentication system. The hackers say no customer data was stolen but they do have some corporate data, including email records.

The hackers communicated with the BBC via Telegram and provided screenshots as proof of the hack. The images show that they gained access to the company’s internal Outlook emails, Microsoft Teams chats and server directories, which IHG has confirmed as genuine.

“Our attack was originally intended to be a ransomware attack, but the company’s IT team kept isolating servers before we could deploy it, so we decided to have some fun [sic]. Instead, we used a wiper attack. We don’t feel guilty, really. We prefer to have a legal job here in Vietnam, but the wage is average $300 per month. I’m sure that our hack won’t hurt the company a lot,” said one of the hackers.

Initially, IHG responded to complaints on social media by saying the company was “undergoing system maintenance.” It informed investors later on Tuesday afternoon that it had been hacked.

The sources for this piece include an article in BBC.