Security

Cyberattack hits Omni Hotels systems, taking out bookings, payments, door locks

As WhatsApp, Facebook Messenger, other Meta bits plus Apple stuff fall offline today


Updated Omni Hotels & Resorts' computer systems have been offline since Friday due to what the American luxury hospitality chain called a "disruption."

Latest: We now know that a cyberattack forced the Texas-based corporation to take parts of its IT environment down, as we've reported in an update below. What follows is our article as published.

On April 1, Omni, which owns more than 50 properties across the US and Canada, confirmed it was suffering an outage via social media:

Dear valued guests, our technology teams are continuing to work on restoring our systems that are currently down. Your business is very important to us; we appreciate your patience and apologize for the disruption. Please check back here for updates.

Neither Omni nor TRT Holdings, which owns the hotel chain, could answer The Register's specific inquiries about the IT breakdown, including whether it was due to a ransomware infection and when it anticipated restoring normal operations.

As of Wednesday, the corporation's phone systems weren't working, and a pre-recorded message tells callers: "We are currently experiencing technical difficulties."

Reportedly the chain-wide outage began on Friday and shut down reservation, hotel room door lock, and point-of-sale (POS) systems.

Don't worry: Bar still open!

On Reddit, guests at locations across the country confirmed systems were broken, noted that the bar was still open (at least in the Washington DC location) —  and reminded folks to be courteous to hotel staff, who were roundly praised for their grace in what was sure to be a rough Easter weekend. 

"Checking in on paper, no card machines work, even room keys do not work," said one hotel guest who was staying at the Louisville Omni. "Everyone has to be escorted to their room by an employee and the phones and Wi-Fi are down."

Another guest said getting into your room required texting the hotel staff to unlock the door, which took 30 minutes or more.

One Reddit user, who claimed to be a "low-level" Omni employee, said their hotel was only accepting reservations made prior to the outage. The whole situation is "a mess for every party involved. It has been a very stressful work weekend," the netizen vented on the forum.

"We all feel terrible for the inconvenience for all the guests and the stress of not knowing if we'll be able to earn an income during the downed server. For all of you staying at properties, and have chosen to stay, thank you – Omni will surely lose millions over this attack and lose loyal customers. I promise my property will do anything we can to make this inconvenience as smooth as possible."

While neither the resort chain nor its parent company have indicated that cybercriminals are responsible for the downed IT systems, the outage does draw many parallels to the MGM Resorts ransomware infection in September.

Scattered Spider, the crime gang believed to be responsible for both the MGM and Caesars Entertainment digital intrusions, reportedly bragged that all it took to break into MGM's networks was a 10-minute call hoodwinking a help desk.

MGM famously did not pay the ransom demand, then suffered nearly a week of outages, operational disruptions, and the wrath of angry customers. It later said the incident cost it about $100 million in losses, plus its stolen data was reportedly leaked not long after. ®

Updated to add at 2200 UTC

Omni has admitted what many suspected: The hotel chain's computer woes are due to an attack on its IT environment, and we're told services are being restored.

"Since Friday, March 29, Omni Hotels & Resorts has been responding to a cyberattack on its systems," the biz said in a statement.

"Upon learning of this issue, Omni immediately took steps to shut down its systems to protect and contain its data. As a result, certain systems were brought offline, most of which have been restored.

"As our team works diligently to restore the remainder of the systems to full functionality, we continue to welcome our guests and accept new reservations. We apologize for the disruption and inconvenience this cyberattack is causing."

A security firm has been brought in to investigate what, if any, data was lost or stolen, and the true extent of the attack.

Speaking of outages... Now Meta and Apple

If you're having problems using WhatsApp, Facebook Messenger, Instagram, and Meta's ad tools right now or earlier today, it's not you – they are or were down around the world, too.

"We are currently experiencing an outage impacting service on Messenger Platform," the social network giant said in a status update today. "This issue started at 04-03-2024 at 1110 AM PST. Our engineering teams are investigating the issue."

The Ads Transparency suite is also knackered, as is the WhatsApp Business Cloud API and the main mobile chat app, with messages being undelivered for users.

"We are aware that some advertisers may be having trouble creating or editing their ads in Ads Manager," Meta added (no pun intended). "Our engineering teams are aware and are actively looking to resolve the issue as quickly as possible."

That said, some netizens say services are coming back online and working again from being unavailable, so your mileage may vary.

Also, Apple suffered downtime today, with the iOS and macOS App Stores, Apple Music, Apple TV channels, and other services, experiencing an hour-plus outage from 1513 to 1635 PT.

Send us news
18 Comments

Garmin Connect outage leaves folks unable to share their fitness virtue signaling

RUN/STOP

Fortinet: FortiGate config leaks are genuine but misleading

Competition hots up with Ivanti over who can have the worst start to a year

Azure, Microsoft 365 MFA outage locks out users across regions

It's fixed, mostly, after Europeans had a manic Monday

Capital One two-day outage leaves customers in free-fall

Third-party supplier blamed as folks left unable to access funds

Medusa ransomware group claims attack on UK's Gateshead Council

Pastes allegedly stolen documents on leak site with £600K demand

Russia's Star Blizzard phishing crew caught targeting WhatsApp accounts

FSB cyberspies venture into a new app for espionage, Microsoft says

China's Salt Typhoon spies spotted on US govt networks before telcos, CISA boss says

We are only seeing 'the tip of the iceberg,' Easterly warns

Crypto klepto North Korea stole $659M over just 5 heists last year

US, Japan, South Korea vow to intensify counter efforts

FBI wipes Chinese PlugX malware from thousands of Windows PCs in America

Hey, Xi: Zài jiàn!

Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used

Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg

Microsoft sues 'foreign-based' cyber-crooks, seizes sites used to abuse AI

Scumbags stole API keys, then started a hacking-as-a-service biz, it is claimed

Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days

'Codefinger' crims on the hunt for compromised keys