Weak Password Cause in ‘Just For Fun’ Hack

High-profile hacks are not uncommon these days. Large companies and organizations are consistently subjected to cyberattacks. However, rarely do we hear one quite like this: The latest hack we’re following in the news targeted Intercontinental Hotels Group (IHG), the owner of Holiday Inn, who were hacked due to a significantly weak password. According to the BBC, the hackers, calling themselves
September 19, 2022
 / 
meritsolutions
 / 
Image

High-profile hacks are not uncommon these days. Large companies and organizations are consistently subjected to cyberattacks. However, rarely do we hear one quite like this: The latest hack we’re following in the news targeted Intercontinental Hotels Group (IHG), the owner of Holiday Inn, who were hacked due to a significantly weak password.

According to the BBC, the hackers, calling themselves TeaPea, claim they are a couple from Vietnam, who wanted to go through with the hack, “just for fun.” TeaPea initially attempted a ransomware attack, but, once that failed, the alleged couple simples “deleted large amounts of data.” TeaPea reached out to the BBC via Telegram, and sent screenshots proving they broke intro the network and accessed Outlook emails, Teams chats, in addition to other sensitive information.

The hack affected IHG’s properties abilities to do business, with customers complaining of issues with booking rooms and checking-in. While IHG took a full day to claim “system maintenance” was the cause of the issues, the company eventually relented, and admitted to investors on Tuesday the hack was the true cause.

It’s not the lackadaisical attitude nor the vicious data deletion that has garnered the most attention, however. Rather, it’s the fact TeaPea was able to break into the network due to a weak password. The password in question? Qwerty1234.

It’s a telling reminder that weak passwords are a risk at all levels of an organization. No matter where you stand in your company, your accounts’ passwords need to be strong and unique. In addition, you need to be using MFA (multi-factor authentication) whenever possible.

Share This

Leave a Reply

There are currently no comments. Why don't you kick things off?