IHG hotel chain targeted in vindictive cyberattack

Last Monday, the InterContinental Hotel Group (IHG) fell victim to a cyberattack that disabled its website and irreversibly deleted some of its files.

The hospitality giant manages 17 hotel chains, including the Regent, Crowne Plaza, Holiday Inn, and Candlewood Suites. IHG operates 6,028 hotels in more than 100 different countries.

On Monday last week, however, unsatisfied customers reported widespread problems with booking and check-in.

What is going on with your system? For at least 19hrs. Phones and apps not working- afraid to book anything. No customer service at all

— Kim Sweat (@rsweatark) September 6, 2022

For 24 hours, IHG responded to complaints on social media and on its official website by informing the public that the company was “undergoing system maintenance”, while streams of customer complaints flooded social media.

@HolidayInn is my reservation gone? Or is there a problem with the system? I need help

— Josue Rivera (@Josuerivera20) September 6, 2022

Then on Tuesday afternoon it told investors that it had been hacked.

“Booking channels and other applications have been significantly disrupted since yesterday,” it said in an official notice lodged with the London Stock Exchange.

Screencap: IHG Statement

The hackers, calling themselves TeaPea, contacted the media and provided screenshots as evidence that they had carried out the hack. The screenshots were later confirmed by IHG to be genuine, and proved that the hackers had gained access to the company’s internal emails, team chats and server directories.

The hackers also revealed that they had gained access to IHG’s internal IT network by tricking an employee into downloading a malicious piece of software through a booby-trapped email attachment.

The criminals then say they accessed the most sensitive parts of IHG’s computer system after finding login details for the company’s internal password vault.

“Our attack was originally planned to be ransomware but the company’s IT team kept isolating servers before we had a chance to deploy it, so we thought to have some fun [sic]. We did a wiper attack instead,” one of the hackers said.

Cyber-security specialist Rik Ferguson, vice-president of security at Forescout, said the incident was a cautionary tale: even though the company’s IT team initially found a way to fend the hackers off, they were still able to find a way to inflict damage.

“The hackers’ change of tactic seems born out of vindictive frustration,” he said. “They couldn’t make money so they lashed out, and that absolutely betrays the fact that we are not talking about ‘professional’ cybercriminals here.”

IHG says customer-facing systems are returning to normal but that services may remain intermittent.

The hackers are showing no remorse about the disruption they have caused the company and its customers.

“We don’t feel guilty, really. We prefer to have a legal job here in Vietnam but the wage is average USD300 per month. I’m sure our hack won’t hurt the company a lot.”

The hackers say no customer data was stolen but they do have some corporate data, including email records.
