[Updated 19 September 2022] IHG hackers come forward
Hackers describing themselves as a couple from Vietnam took credit for the hack of the InterContinental Hotel Group earlier this month. The duo told the BBC they gained access to the hotel’s network after tricking an employee into downloading and installing malware on their system through a booby-trapped email attachment. The hackers said they then found a password vault for several of the hotel group’s internal systems, including its main database, which was allegedly protected by a password of “Qwerty1234.” The hackers said they tried to install ransomware on the hotel’s network, but after failing, they just wiped the database instead, in frustration.
Read more in
- Unauthorised access to technology systems
- IHG hack: ‘Vindictive’ couple deleted hotel chain data for fun
[Update on 12 September 2022] Holiday Inn hotels hit by cyberattack
The international hotel giant behind Holiday Inn, Crowne Plaza and Regent hotels has confirmed a cyberattack, but little else. Intercontinental Hotels Group, or IHG, issued a statement via the London Stock Exchange saying its systems “have been subject to unauthorised activity.” Vague; how helpful. IHG has more than 6,000 hotels in more than 100 countries, and has 150 million guests each year — so these aren’t small numbers. Customers were left without answers while Holiday Inn’s social media was posting on autopilot. IHG said it was “working to fully restore all systems,” with customers reporting that its booking systems were inaccessible. IHG declined to say what the cyberattack was, but it is reportedly ransomware. It’s not the first time IHG has been hacked; it confirmed a months-long cyberattack in 2016 that allowed hackers to steal credit card data, which the company settled for $1.55 million.
Read more in
- Holiday Inn hotels hit by cyber-attack
- Unauthorised access to technology systems
- Hotel giant IHG blames cyberattack for booking systems outage
- Cyberattack brings down InterContinental Hotels’ booking systems
The InterContinental Hotels Group (IHG), which operates more than 6,000 hotels under 17 brands, disclosed a breach of its IT systems. The incident began on September 5 and was disclosed in a statement made to London (UK) Stock Exchange. The incident disrupted IHG booking systems and other applications. This is the third breach IHG has experienced since 2017.
Note
- IHG had $1.39B of revenue in 2021, or about $3.8M per day. If bookings of IHG’s nearly 900,000 rooms are impacted by the disruption, a 10% hit would mean the breach could be costing them almost $400k per day just in delayed, if not lost, revenue. IHG also paid over $1.5M in a legal settlement over a previous breach, which have been happening frequently at IHG. If you’ve been having trouble convincing management to back needed changes to reduce vulnerabilities, this will be the latest data point for proactive spending invariably being cheaper than incurring a meaningful breach.
- Remember IHG operates 17 hospitality brands including Holiday Inn, Crowne Plaza, and Candlewood Suites, meaning you may be impacted even though you’ve not booked an InterContinental Hotel stay. While centralized systems are offline, local hotel operators are able to process reservations on their local systems. While this is the third attack since 2017, it is unlikely they are connected; think more of kicking someone while they are down. Which means if you’re compromised, you need to not only restore services, and remediate the weaknesses used against you, but also raise the bar overall. The IHG attackers appear to be seeking the personal data associated with reservations, which can then be resold.