More information has come out of the IHG hack that took down its entire IT system.

After claiming for more than a day that it was going through a system maintenance, IHG released a statement saying that it had indeed been hacked.

There is a way to access IHG here.

Ihg One rewards rate and bonus points offers are currently available.

TeaPea, a hacker group from Vietnam, shared information about the hack with the British Broadcasting Corporation.

The hackers decided to destroy data because they couldn't execute Ransomware.

“Our attack was originally planned to be a ransomware but the company’s IT team kept isolating servers before we had a chance to deploy it, so we thought to have some funny [sic]. We did a wiper attack instead,” one of the hackers said.

A wiper attack is a form of cyber-attack that irreversibly destroys data, documents and files.

Qwerty1234 was used as the internal password.

TeaPea say they gained access to IHG’s internal IT network by tricking an employee into downloading a malicious piece of software through a booby-trapped email attachment.

The criminals then say they accessed the most sensitive parts of IHG’s computer system after finding login details for the company’s internal password vault.

“The username and password to the vault was available to all employees, so 200,000 staff could see. And the password was extremely weak,” they told the BBC.

Surprisingly, the password was Qwerty1234, which regularly appears on lists of most commonly used passwords worldwide.

IHG Hack Timeline:

  • Website and app went down at 9 PM ET on Sunday (September 4)
  • Website and app were briefly up between 11 AM and 1 PM ET on Monday (September 5)
  • IHG Releases a statement about the hack on Tuesday afternoon (September 6)
  • Website and app back online (booking functionality) at 11:30 PM ET on Tuesday

Previous IHG Hack Coverage:

It was the conclusion.

Only a company that still uses four-digit pins for account access can use a password for sensitive data.

I hope that if they choose to go with the lowest cost bidder, they will learn a valuable lesson that is costly in the end.

It doesn't appear that it was difficult for the hacker group from Vietnam to get into the system.