Data wiped in IHG hack for revenge, Vietnamese couple says

More information has emerged on the hack of InterContinental Hotels Group PLC (IHG) a few weeks ago. What was originally planned as blackmail ended in the deletion of extensive data when the blackmail went wrong. This is what a couple from Vietnam reportedly confessed to the British BBC.


The IHG ransomware attack

InterContinental Hotels Group PLC (IHG) is a British multinational company that currently operates 6,028 hotels in more than 100 countries. Its brands include hotel chains such as InterContinental, Regent, Six Senses, Crowne Plaza, Holiday Inn and many others. In the blog post Security: TikTok leak, ransomware infections, seizures and more, I reported that the hotel chain had fallen victim to a cyberattack.

Customers had noticed weeks ago that access to the hotel chain's booking system was suddenly disrupted. For 24 hours, IHG responded to customer complaints on social media by saying the company's IT was "undergoing system maintenance." Then, in a statement to the London Stock Exchange, the company said that parts of its tech systems had been the subject of unauthorized activity. IHG's booking channels and other applications had been significantly disrupted, it said, and this was ongoing.

Details of the hack become known

According to this BBC article, the hackers have claimed responsibility for the cyberattack. The hackers described themselves as a couple from Vietnam who had carried out a destructive cyberattack on InterContinental Hotels Group (IHG) "for fun." Originally, they only intended to carry out an attack to extort money from the hotel group.

The pair gained access to the group's databases using the password Qwerty1234. Then the hackers tried to blackmail the hotel group. However, this did not succeed, so the couple deleted large amounts of data in revenge. The pair of hackers call themselves TeaPea (not to be confused with TeaPot, the pseudonym of the hackers behind the Uber hack, see Ride service provider Uber investigates hack (Sept. 2022)).

The hackers contacted the BBC via the encrypted messaging app Telegram and provided screenshots as evidence that they had carried out the hack. The screenshots appear to confirm the authenticity of the IHG hack claims and show that the hackers gained access to the company's internal Outlook emails, Microsoft Teams chats and server directories.


"Our attack was originally planned as ransomware, but the company's IT team kept isolating servers before we had a chance to use it. We did a wiper attack instead," one of the hackers told the BBC. A wiper attack is a form of cyberattack in which data, documents and files are irrevocably destroyed.

"We don't really feel guilty. We prefer to have a legal job here in Vietnam, but the salary is $300 per month on average. I'm sure our hack won't cause much damage to the company," the BBC quoted the hacker as saying. The hackers say no customer data was stolen, but that they did capture some company data, including emails.

Cybersecurity specialist Rik Ferguson, vice president of security at Forescout, described the incident to the BBC as a cautionary tale. Although the company's IT team initially found a way to fend off the hackers, they still managed to do damage. "The change in tactics by the hackers seems to have been born out of vindictive frustration," Ferguson said. "They couldn't make money, so they struck, and that clearly reveals that these are not 'professional' cybercriminals." According to IHG, customer-facing IT systems are returning to normal operations, but services may continue to be disrupted.
