IHG Was Hacked Using Password “Qwerty1234”

More information has come out of the IHG hack that started two weeks ago on Sunday and took down its entire IT system for two days.

IHG claimed for more than 24 hours that it was going through a “system maintenance” before releasing the only statement so far about this incident that it had indeed been hacked.

You can access IHG here.

READ MORE: IHG One Rewards Rate & Bonus Points Offers

The hacker group from Vietnam called TeaPea contacted BBC and shared information about the hack with the British broadcaster.

The hackers had trouble executing ransomware, so they decided to do a wiper attack instead (destroy data):

“Our attack was originally planned to be a ransomware but the company’s IT team kept isolating servers before we had a chance to deploy it, so we thought to have some funny [sic]. We did a wiper attack instead,” one of the hackers said.

A wiper attack is a form of cyber-attack that irreversibly destroys data, documents and files.

The internal database was using Qwerty1234 as its password:

TeaPea say they gained access to IHG’s internal IT network by tricking an employee into downloading a malicious piece of software through a booby-trapped email attachment.

The criminals then say they accessed the most sensitive parts of IHG’s computer system after finding login details for the company’s internal password vault.

“The username and password to the vault was available to all employees, so 200,000 staff could see. And the password was extremely weak,” they told the BBC.

Surprisingly, the password was Qwerty1234, which regularly appears on lists of most commonly used passwords worldwide.

IHG Hack Timeline:

• Website and app went down at 9 PM ET on Sunday (September 4)
• Website and app were briefly up between 11 AM and 1 PM ET on Monday (September 5)
• IHG Releases a statement about the hack on Tuesday afternoon (September 6)
• Website and app back online (booking functionality) at 11:30 PM ET on Tuesday

Previous IHG Hack Coverage:

• IHG Struggles To Post Completed Stays & Amenity Points
• IHG Website & App Functionality Coming Back Online
• IHG Releases Statement To Consumers Regarding System Hack
• IHG Confirms The Reason For Prolonged “Website Maintenance” – HACK
• IHG’s Total System Outage Continues For The Second Day
• IHG Outage September 5, 2022

Conclusion

Only a company that continues to use four-digit pins for member account access could use password Qwerty1234 for their internal sensitive data.

I hope that IHG has learned a valuable lesson that it usually is costly, in the end, if they choose to go with the lowest cost bidder and decimate their internal IT competence, as, unfortunately, many companies have done.

It doesn’t appear to have been that difficult for this hacker group from Vietnam to penetrate IHG’s systems and go for the wipe.