MGM Resorts data breach exposes details of 10.6 million guests


A number of celebrities, government officials and tech CEOs were also caught up in the incident.

The personal information of more than 10.6 million former guests of MGM Resorts hotels has been leaked on a hacking forum. The data dump contained a range of Personally Identifiable Information (PII), including full names, home addresses, phone numbers, emails, and birth dates, according to an exclusive ZDNet report.

The list of victims includes celebrities, CEOs of tech companies, well-known reporters, and government officials. Justin Bieber and Twitter CEO Jack Dorsey are both known to be among the high-profile victims.

An MGM spokesperson confirmed for the tech site that the leaked information comes from a data breach that occurred sometime in July last year: “Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts.”

The spokesperson went on to add that the company was confident that no financial, payment card or password data were leaked in the data dump.

The casino and hotel giant also stated that it takes this breach seriously and that it’s beefing up its security to prevent any such incidents in the future: “At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again.”

The data were verified by ZDNet with the help of a security researcher from a data breach monitoring service called Under the Breach.

The hotel guests who were affected by the breach were notified by the hotel chain in August, with some posting about it on a message board aimed at the city’s visitors.

MGM Resorts said that the stolen information is old, a claim that could be backed by the fact that none of the contacted guests have stayed at the hotel past 2017.

The leaked information could be a gold mine for bad actors since it includes the personal details of many potential high-profile targets. The data can be used for spearphishing campaigns or for SIM swapping attacks, a technique used to hack into Jack Dorsey’s Twitter account last year.

Hotel chains are no strangers to large-scale data breaches, which can, in many cases, haunt businesses for years. The MGM leak appears small compared to the Marriott Starwood data breach, which affected hundreds of millions of people. The Trump Hotel Collection and the InterContinental Hotels Group also suffered similar incidents in the past few years.

written by Amer Owaida, ESET We Live Security

