www.msn.com Open in urlscan Pro
204.79.197.203  Public Scan

Form analysis
1 forms found in the DOM

GET https://www.bing.com/search?scope=web

<form data-form-code="MSN159" elementtiming="TTVR.SearchBox"
  data-t="{&quot;n&quot;:&quot;headersearch&quot;,&quot;t&quot;:9,&quot;a&quot;:&quot;submit&quot;,&quot;b&quot;:50,&quot;d&quot;:&quot;https://www.bing.com/search?scope=web&quot;,&quot;c.t&quot;:30}" id="srchfrm" role="search"
  action="https://www.bing.com/search?scope=web" target="_blank" method="get" class="form-DS-EntryPoint1-1 form-DS-EntryPoint1-2">
  <div class="alignSearchElements-DS-EntryPoint1-1 alignSearchElements-DS-EntryPoint1-2">
    <div class="inputContainer-DS-EntryPoint1-1 inputContainer-DS-EntryPoint1-2"><input name="q" placeholder="" title="Enter your search term" autocomplete="off" maxlength="250" aria-label="Enter your search term" id="q" accesskey="S" type="search"
        class="input-DS-EntryPoint1-1 input-DS-EntryPoint1-2"></div>
    <div class="buttonContainer-DS-EntryPoint1-1 buttonContainer-DS-EntryPoint1-2"><button title="web search" id="sb_form_go" class="button-DS-EntryPoint1-1 button-DS-EntryPoint1-2"><svg width="28" height="28" viewBox="0 0 20 20" fill="none"
          xmlns="http://www.w3.org/2000/svg">
          <path
            d="M8.5,3 C11.5375661,3 14,5.46243388 14,8.5 C14,9.74832096 13.5841223,10.8995085 12.8833584,11.8225711 L17.0303301,15.9696699 C17.3232233,16.2625631 17.3232233,16.7374369 17.0303301,17.0303301 C16.7640635,17.2965966 16.3473998,17.3208027 16.0537883,17.1029482 L15.9696699,17.0303301 L11.8225711,12.8833584 C10.8995085,13.5841223 9.74832096,14 8.5,14 C5.46243388,14 3,11.5375661 3,8.5 C3,5.46243388 5.46243388,3 8.5,3 Z M8.5,4.5 C6.290861,4.5 4.5,6.290861 4.5,8.5 C4.5,10.709139 6.290861,12.5 8.5,12.5 C10.709139,12.5 12.5,10.709139 12.5,8.5 C12.5,6.290861 10.709139,4.5 8.5,4.5 Z"
            fill="#ffffff"></path>
        </svg></button></div>
  </div><input name="form" type="hidden" value="MSN159"><input name="refig" type="hidden" value="f1a5201d82524c3c8df782530584b8c6"><input name="mkt" type="hidden" value="en-us">
</form>

Text Content

msn_logomsn



Sign in to your account
Sign in



React

Comments|



56




Hackers have told the BBC they carried out a destructive cyber-attack against
Holiday Inn owner Intercontinental Hotels Group (IHG) "for fun".



Describing themselves as a couple from Vietnam, they say they first tried a
ransomware attack, then deleted large amounts of data when they were foiled.

They accessed the FTSE 100 firm's databases thanks to an easily found and weak
password, Qwerty1234.



An expert says the case highlights the vindictive side of criminal hackers.

UK-based IHG operates 6,000 hotels around the world, including the Holiday Inn,
Crowne Plaza and Regent brands.

On Monday last week, customers reported widespread problems with booking and
check-in.

For 24 hours IHG responded to complaints on social media by saying that the
company was "undergoing system maintenance".

Then on the Tuesday afternoon it told investors that it had been hacked.

"Booking channels and other applications have been significantly disrupted since
yesterday," it said in an official notice lodged with the London Stock Exchange.

 * Holiday Inn hotels hit by cyber-attack
 * Holiday Inn hotels hit by payment hack

The hackers, calling themselves TeaPea, contacted the BBC on the encrypted
messaging app, Telegram, providing screenshots as evidence that they had carried
out the hack.

The images, which IHG has confirmed are genuine, show they gained access to the
company's internal Outlook emails, Microsoft Teams chats and server directories.




"Our attack was originally planned to be a ransomware but the company's IT team
kept isolating servers before we had a chance to deploy it, so we thought to
have some funny [sic]. We did a wiper attack instead," one of the hackers said.

A wiper attack is a form of cyber-attack that irreversibly destroys data,
documents and files.




Cyber-security specialist Rik Ferguson, vice-president of security at Forescout,
said the incident was a cautionary tale as, even though the company's IT team
initially found a way to fend them off, the hackers were still able to find a
way to inflict damage.



"The hackers' change of tactic seems born out of vindictive frustration," he
said. "They couldn't make money so they lashed out, and that absolutely betrays
the fact that we are not talking about 'professional' cybercriminals here."

IHG says customer-facing systems are returning to normal but that services may
remain intermittent.

The hackers are showing no remorse about the disruption they have caused the
company and its customers.

"We don't feel guilty, really. We prefer to have a legal job here in Vietnam but
the wage is average $300 per month. I'm sure our hack won't hurt the company a
lot."

The hackers say no customer data was stolen but they do have some corporate
data, including email records.

TeaPea say they gained access to IHG's internal IT network by tricking an
employee into downloading a malicious piece of software through a booby-trapped
email attachment.

They also had to bypass an additional security prompt message sent to the
worker's devices as part of a two-factor authentication system.




The criminals then say they accessed the most sensitive parts of IHG's computer
system after finding login details for the company's internal password vault.



"The username and password to the vault was available to all employees, so
200,000 staff could see. And the password was extremely weak," they told the
BBC.

Surprisingly, the password was Qwerty1234, which regularly appears on lists of
most commonly used passwords worldwide.

"Sensitive data should only be available to employees who need access to that
data to do their job, and they should have the minimum level of access [needed]
to use that data," said Mr Ferguson, after seeing the screenshots.

"Even a highly complex password is just as insecure as a simple one if it is
left exposed."

An IHG spokeswoman disputed that the password vault details were not secure,
saying that the attacker had to evade "multiple layers of security", but would
not give details about the extra security.

"IHG employs a defence-in-depth strategy to information security that leverages
many modern security solutions," she added.



Microsoft may earn an Affiliate Commission if you purchase something through
recommended links in this article.



Continue reading
Start the conversation



--------------------------------------------------------------------------------

Sponsored Content
SPONSORED CONTENT
4 Cards With Massive Sign Up Bonuses (Get $200 Fast)Need Cash? How to Access
Your Home's EquityCanadians Are Rushing To JoinThese Retailers Are Getting Away
With Overcharging Their Customers
Ad


TRENDING STORIES
 1. Roberts and Kavanaugh Issue a Surprise Warning Shot to Conservative
    LawyersSlate
 2. Wagner boss: It's prisoners fighting, or your childrenBBC News
 3. Gavin Newsom asks DOJ to consider 'kidnapping' charges after GOP governors
    ship migrants out of stateFOX News
 4. Harry set to wear Army uniform as Queen’s grandchildren hold vigil at
    coffinEvening Standard


MORE FOR YOU


 * © 2022 Microsoft

 * Privacy & Cookies
 * Terms of use
 * Advertise


Feedback