Hackers have told the BBC they carried out a destructive cyber-attack against Holiday Inn owner Intercontinental Hotels Group (IHG) “for fun”.
Describing themselves as a couple from Vietnam, they say they first tried a ransomware attack, then deleted large amounts of data when they were foiled.
They accessed the FTSE 100 firm’s databases thanks to an easily found and weak password, Qwerty1234.
An expert says the case highlights the vindictive side of criminal hackers.
UK-based IHG operates 6,000 hotels around the world, including the Holiday Inn, Crowne Plaza, and Regent brands.
On Monday last week, customers reported widespread problems with booking and check-in.
For 24 hours IHG responded to complaints on social media by saying that the company was “undergoing system maintenance”.
Then on a Tuesday afternoon it told investors that it had been hacked.
“Booking channels and other applications have been significantly disrupted since yesterday,” it said in an official notice lodged with the London Stock Exchange.