
Las Vegas MGM was hacked; details of over 10 million guests exposed online

A data breach has compromised the information of millions of people who have stayed at MGM Resorts hotels, including Las Vegas’ MGM Grand. According to an information security firm, the personal data of 10.5 million customers of the hotel chain were extracted from the company’s databases and posted on a hacking forum. The compromised information includes details of celebrities, athletes, entrepreneurs and government officials from all over the world.

According to an analysis by security firm ZDNet, the shared information contains a total of 10,683,188 records belonging to former guests of the hotel chain. Among the exposed data we can find:

  • Full names
  • Addresses
  • Email addresses
  • Phone numbers
  • Birth dates

After questioning the hotel chain, a representative of MGM Resorts said their information security team was already aware of the incident, as it was detected more than a year ago. In addition, the spokesperson stated that users were notified as soon as the data breach was detected, and that the posting of this information on the hacking forum occurred just a few days ago. “We are confident that financial information as payment card data or confidential numbers were not compromised during this incident,” the spokesperson added.

The MGM Resorts’ database, found in a Russian-speaking forum
SOURCE: ZDNet

However, not everyone trusts the company’s official position. For example, Irina Nesterovsky, research director at information security firm KELA, says the MGM Resorts database began circulating on various hacking forums in July 2019. In addition, the researcher suggests that those responsible for the leak are related to GnosticPlayers, a hacker (or hacker group) associated with various data breach incidents.

Given the nature of the data breach, the exposed information can be very useful to multiple hacker groups. Malicious activities that users might be exposed to include SIM swapping attacks, phishing campaigns, harassment, and extortion, among other variants of fraud.

Although the hotel chain claims that the exposed information is outdated, the International Institute of Cyber Security (IICS) considers that the incident exposes users all the same, as the sophistication of hacker groups allows them to generate detailed profiles even on the basis of inaccurate or old information.
