In September 2022, IHG (InterContinental Hotels Group) — owner of brands such as Holiday Inn and Crowne Plaza, with thousands of hotels worldwide — had its reservation systems and apps taken down by a cyberattack. Guests and franchisees felt the disruption globally, and the case gained notoriety when the attackers themselves gave an interview to the BBC.
A couple from Vietnam, self-styled "TeaPea", explained how they got in: a phishing email tricked an employee, they bypassed multi-factor authentication, and reached the company's internal password vault — protected by a weak, easily guessable password. From there, they accessed the most sensitive systems on the network. The initial intent was ransomware; when blocked in that effort, they turned to data destruction out of pure spite, as detailed by Infosecurity Magazine.
What actually brought the operation down
The attack did not rely on a sophisticated technical exploit. It relied on three common failures chained together: a person deceived by phishing, a second authentication factor that could be bypassed, and — the decisive link — a credentials vault protected by a trivial password. When privileged access falls into the wrong hands, the rest of the network becomes an open door. And, because the goal shifted to destruction, the absence of isolated backups would have turned the incident into a permanent loss.
Does your company protect privileged access with the same rigor it uses to protect the front door?
The IHG case is a prevention roadmap. Phishing awareness and simulation training reduce the first click. Phishing-resistant MFA prevents the second factor from being bypassed. Privileged access management and a password vault with a strong policy keep a single credential from becoming a master key. 24/7 detection and response contain the intruder before exfiltration or destruction. And isolated, tested backups ensure that even in the worst-case scenario, data can be recovered. None of these layers are exotic — they are exactly what managed IT services implement and monitor on an ongoing basis.