• Around 1,300 former guests were notified that sensitive information including passport numbers was revealed.
  • The leaked data is a treasure trove for attackers with high profile targets.

Hackers published the personal data of more than 10.6 million users who stayed at MGM Resorts hotels, on a hacking forum this week.

MGM has resorts in Las Vegas, Atlantic City, and Detroit in the USA. Other than these, it owns property in China and Japan and is developing a new resort in Dubai.

About the incident

Those affected due to the breach include regular tourists, celebrities, tech CEOs, government officials, reporters, and professionals from the world's largest tech companies.

  • The MGM data dump contains personal details for 10,683,188 former hotel guests.
  • The leaked files included the personal details such as full names, home addresses, phone numbers, emails, and dates of birth.
  • Around 1,300 former guests were notified that sensitive information including passport numbers was revealed.
  • A further 52,000 customers were told that less sensitive personal information was exposed.

Researchers reached out to the past guests of MGM and confirmed the data included in the leaked files.

MGM's Response

Also, a spokesperson for MGM Resorts verified the incident via email.

  • As per the hotel chain, it discovered unauthorized access to a cloud server last year that contained a limited amount of information on previous guests.
  • It is confident that no financial, payment card or password data has leaked in this incident.
  • The hotel chain said it promptly notified all affected guests in compliance with applicable state laws.

What actions were taken?

MGM consulted with two cybersecurity forensics firms to conduct an internal investigation into the breach.

MGM said, "we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again."

Risks faced by the victims

Though MGM's security incident happened last year, the data now being dumped on a popular hacking forum this week may have turned on other hackers.

  • The leaked data is a trove for attackers with high profile targets.
  • Some of the big names include Twitter CEO Jack Dorsey, pop star Justin Bieber, and DHS and TSA officials.
  • There’s a potential danger of sim swapping and spear-phishing to the victims of the leak.

In hotels and resorts breach, Marriott hotels leak in 2017 is still on the top with 500 million guests data breach by the Chinese state-sponsored hackers.

Cyware Publisher