How the Hotel Group Hackers Benefited From Weak Passwords

The hackers have spoken up to explain their hack of the huge hotel group: "We don't feel guilty, really."

One of the biggest hotel groups in the world recently suffered a cyberattack, losing vast swathes of data. Now, we know more details: The hackers say they are a couple from Vietnam, and that they were able to access the group’s databases with the particularly weak password “Qwerty1234.”

The hackers had tried and failed to pull off a ransomware attack that would have locked away the hotel group’s data. If they’d been successful, it would have been a huge coup, given the 6,000 hotels owned by Intercontinental Hotels Group (IHG), which include familar names like Holiday Inn, Crowne Plaza, and Regent.

When the ransomware approach failed, the couple pivoted to a more destructive path: Burning it all down with a wiper attack to permanently destroy the hotel group’s data.

Hotel Hackers Destroyed Data for “Fun”

The inside information comes from the hackers, who called themselves “TeaPea.” They reached out to the BBC through the encrypted messaging app Telegram, including screenshots of their efforts for verification, which IHG has confirmed are genuine.

“Our attack was originally planned to be a ransomware but the company’s IT team kept isolating servers before we had a chance to deploy it, so we thought to have some funny [sic]. We did a wiper attack instead,” one of the hackers explained.

The name “wiper” refers to the concept of wiping a hard drive, irreversably erasing the data on it, although a wiper attack itself can refer to any malicious software that’s designed to destroy data.

The Bonnie-and-Clyde hackers also let the BBC in on their guilt, or lack thereof, citing depressed wages in their country as a motivation for their turn to cyber crime:

“We don’t feel guilty, really. We prefer to have a legal job here in Vietnam but the wage is average $300 per month. I’m sure our hack won’t hurt the company a lot.”

How to Stay Safe From Ransomware and Wiper Attacks

It’s hard to overstate how large an issue ransomware is for businesses around the globe in 2022. This style of cyberattack has made up a whopping 70% of all cyberattacks that have been reported across the past 12 months, according to recent report.

As Content Manager Jade Artry noted while covering that report, one of the takeaways is that attackers tend to look for weak links when scouting for potential victims:

“Attackers, it said, are particularly ‘opportunistic’ and will scan the internet in search of systems where they might leverage specific vulnerabilities, making businesses with weaker internet facing defenses all the more vulnerable.”

In other words, the bad actors behind ransomware attacks aren’t necessarily hardened master criminals themselves; they’re just biding their time until they spot an opportunity. And as the IHG hackers prove, sometimes that opportunity is as obvious as QWERTY1234.

The right password management tool could have stopped the hackers from accessing the IHG database, as it would have suggested a far more complex password, which users wouldn’t have needed to remember all on their own.

Tech services may phase out passwords entirely in the near future, largely due to security breaches like this. Until then, your business should check that its passwords aren’t the most crackable ones around.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Adam is a writer at and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' is out from Abrams Books in July 2023. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals