Major corporations fall victim to cyberattacks all the time, but this one was evidently hacked because of an obvious and weak password.
As reported by the BBC (IHG hack: ‘Vindictive’ couple deleted hotel chain data for fun, written by Joe Tidy), hackers claimed they carried out a destructive cyber-attack against Intercontinental Hotels Group (IHG) – operator of 6,000 hotels around the world, including the Holiday Inn, Crowne Plaza and Regent brands – “for fun”.
Describing themselves as a couple from Vietnam, they say they first tried a ransomware attack, then deleted large amounts of data when they were foiled. They accessed the FTSE 100 firm’s databases thanks to an easily found and weak password, Qwerty1234.
On Monday, September 5th, customers reported widespread problems with booking and check-in. For 24 hours IHG responded to complaints on social media by saying that the company was “undergoing system maintenance”. The next day, it told investors that it had been hacked in an official notice lodged with the London Stock Exchange, stating: “IHG’s booking channels and other applications have been significantly disrupted since yesterday, and this is ongoing.”
The hackers, calling themselves TeaPea, contacted the BBC on the encrypted messaging app, Telegram, providing screenshots (which IHG has confirmed are genuine) as evidence that they had carried out the hack, showing they gained access to the company’s internal Outlook emails, Microsoft Teams chats and server directories.
“Our attack was originally planned to be a ransomware but the company’s IT team kept isolating servers before we had a chance to deploy it, so we thought to have some funny [sic]. We did a wiper attack instead,” one of the hackers said. A wiper attack is a form of cyber-attack that irreversibly destroys data, documents and files.
TeaPea say they gained access to IHG’s internal IT network by tricking an employee into downloading a malicious piece of software through a booby-trapped email attachment. They also had to bypass an additional security prompt message sent to the worker’s devices as part of a two-factor authentication system.
The criminals then say they accessed the most sensitive parts of IHG’s computer system after finding login details for the company’s internal password vault. “The username and password to the vault was available to all employees, so 200,000 staff could see. And the password was extremely weak,” they told the BBC.
Surprisingly, that weak password was reportedly “Qwerty1234”, which regularly appears on lists of most commonly used passwords worldwide. Ouch.
The hackers are showing no remorse about the disruption they have caused the company and its customers. “We don’t feel guilty, really. We prefer to have a legal job here in Vietnam but the wage is average $300 per month. I’m sure our hack won’t hurt the company a lot.”
All it takes is one weak link to break the security chain, no matter how many security measures are applied within an organization. Even for a major corporation like IHG.
So, what do you think? Are you surprised that a major corporation used such an obviously weak password? Please share any comments you might have, or let me know if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.