A story that’s been circulating over the past week — “Hotel ransomed by hackers as guests locked in rooms” — should be taken with a little more than just a pinch of salt.
According to a report (since amended) by The Local, the computer system at the four-star Austrian hotel, the Seehotel Jaegerwirt, was hacked and its electronic key system hijacked. Guests were reportedly locked in their rooms by hackers until a Bitcoin ransom worth €1,500 was paid. As a result of the hack, the hotel’s managers have decided to change from electronic locks to good old-fashioned keys.
“the only problem was that we could not program keycards.”
It’s a juicy story, but not entirely correct. Speaking to The Verge, Christoph Brandstätter, the hotel’s managing director, confirmed that not only were guests not locked in their rooms, the rooms were not remotely locked at all. “We were a little bit surprised about that press really because nobody was locked in their room,” said Brandstätter. “We had a cyber attack but the only problem was that we could not program keycards for the guests checking in on the same day.” He added: “The keycards and the computers were affected, but the doors were not.”
So, if you were imagining some Hollywood-style scene, where hackers take over the computer system and all of a sudden, up and down the hotel, there’s the sound of locks clicking resolutely shut — don’t. Instead, picture a frustrated clerk sitting at the front desk and wondering why they can’t program a new keycard.
Brandstätter points out that even with hotels like Jaegerwirt that use electronic keycards, there are always failsafes so people can get in and out of rooms. “The police wouldn’t ever let [us] lock the rooms via computers,” he told The Verge.
But that’s not to say that there wasn’t an attack, or that it wasn’t serious. Brandstätter confirms that hackers did indeed compromise the hotel’s computers, encrypting their data to stop access. The company that handles the hotel’s IT systems then had to pay a ransom in Bitcoin to get them back. And it is the fourth time the hotel has been targeted like this. The only reason the news came out this time round is because Brandstätter decided to issue a press release to raise awareness in the industry.
“We’ve seen that many, many Austrian hotels have been hacked. And then we decided to make a press release for other hotels to be aware,” said Brandstätter. “The police told us: ‘You’re in good company.’”
Whether the story was exaggerated on purpose isn’t clear
It’s this press release that seems to have been misinterpreted — either accidentally or deliberately. Although it was a report by The Local that was quoted by many English-language publications, the story seems to have originated with copy from a news agency called Central European News. The Local’s source for the story was CEN, which described in its own coverage (published January 27th) how “cyber blackmailers [...] locked scores of guests in their rooms.” To give some context on this publication you’ve probably never heard of, CEN has previously been described as “The King of Bullsh*t News” by BuzzFeed, which detailed how the agency’s exaggerated stories get picked up and republished by more reputable newspapers and websites. (For the record, CEN is currently suing BuzzFeed for defamation in a case worth $11 million.)
One pleasing detail about the Jaegerwirt saga really is true though — the hotel is giving up on keycards and switching back to old-fashioned keys. Brandstätter says he just doesn’t want the hassle of getting hacked again.