Holiday Inn was hacked 'for fun'

Hotel sign

Hackers who brought down the booking systems of hotel chain Holiday Inn earlier this month have told the BBC they pulled off the attack 'for fun'. The chain is part of the FTSE-listed company Intercontinental Hotels Group.

The attackers, who described themselves as a couple from Vietnam and went by the alias 'TeaPea', contacted the BBC apparently to brag about their exploit.

They said that they had initially planned a ransomware attack, but were frustrated when the company's IT team repeatedly isolated the servers they were targeting. Eventually they switched tack, deleting data instead "to have some funny". They said that they had also stolen some corporate data, including email records, but they claimed not to have any customer data.

The hackers claimed to have accessed the company's secure password vault which used an extremely weak password, Qwerty1234.

In their comments to the BBC they showed no remorse for the attack.

"We don't feel guilty, really," they said. "I'm sure our hack won't hurt the company a lot."

The company was hacked two weeks ago, announcing in a regulatory filing on September 6th that its booking channels and other systems were down as a result of "unauthorized activity."

Service was disrupted, leading customers to complain on social media. IHG told the BBC that systems were returning to normal but still face intermittent problems.

Previous
Previous

Canadian SMEs vulnerable to cyber attacks, authorities say

Next
Next

Cyber attacks down 7% in H1, says report