IHG data hack was done "for fun"

An image of security icons for a network encircling a digital blue earth.
(Image credit: Shutterstock)

The cyber attack on the Intercontinental Hotels Group (IHG), which operates the Holiday Inn brand, was reportedly carried out "for fun".

The perpetrators of the attack, who claimed to be a couple from Vietnam, told the BBC the "attack was originally planned to be a ransomware but the company's IT team kept isolating servers before we had a chance to deploy it".

The hackers, who also go by the name of "TeaPea", then decided to "have some funny" before switching to a "wiper attack", a variety of attack which deletes the user's data permanently without ransoming it for financial gain. 

IHG attack

The full scope of the incident has not yet been revealed, however, IHG said in a statement that its booking channels and other applications had been "significantly disrupted".

The hackers told the BBC they used the widely-used password "Qwerty1234" to access the company's most sensitive databases.

Before this, TeaPea gained access to the IHG IT systems by tricking an employee into downloading malicious software via a phishing email.

They also had to bypass an additional security prompt message sent to the worker's devices as part of a two-factor authentication system.

The hackers maintained that they didn't steal any customer data, though they did manage to access some corporate data such as emails according to the sources.

Despite the attack turning malicious, the original motivations behind it were economic.

"We don't feel guilty, really," they told the BBC. "We prefer to have a legal job here in Vietnam but the wage is an average $300 per month." 

They added: "I'm sure our hack won't hurt the company a lot."

In contrast to some of the hacker's claims, an IHG spokesperson told the BBC that hackers would have needed to have evaded "multiple layers of security" to get into systems.

She said: "IHG employs a defence-in-depth strategy to information security that leverages many modern security solutions". 

Wiper attacks are often used by national states for political ends due to the chaos they can cause.

The US National Security Agency (NSA) has alleged that the Russian government used the “AcidRain” malware to disrupt Viasat's satellite network via data deletion around the time of their attack on Ukraine.

  • Scared of ending up as the next high-profile cyber attack? Checkout our guide to the best endpoint protection

Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.