The personal details of more than 10.6 million guests staying at MGM Resorts were posted on a hacking forum this week,media reported. In addition to ordinary visitors, the newly exposed information includes celebrities, technology company bosses, journalists, government officials and employees from the world’s largest technology companies.
A spokesman for MGM Resorts confirmed the incident by email.
What did you leak?
According to analysis bymedia ZDNet, the MGM data dump, which was released today, contains the personal details of 10,683,188 guests who had stayed at the MGM hotel.
The leaked documents contain personal details such as full name, home address, phone number, email, and birthday.
ZDNet contacted a number of hotel guests to confirm that they had stayed at the hotel and the accuracy of the data contained in their schedules and leaked documents.
As a result, they were confirmed by international business travelers, journalists attending technical meetings, CEOs attending business meetings, and government officials traveling to the Las Vegas branch.
MGM Resorts says it notified guests last year
A MGM spokesman told ZDNet that a security incident occurred last year at a data source that was posted online.
“Last summer, we discovered unauthorized access to a cloud server that contained some of the information previously provided to certain guests at MGM Resorts. We are confident that this incident does not involve any financial, payment card or password data issues. “
The hotel chain said it would notify all affected hotel guests in a timely manner in accordance with applicable state law.
MGM Resorts also told ZDNet that it hired two cyber security forensics firms to conduct an internal investigation into last year’s server data breach.
“At MGM Resorts, we take our responsibility to protect visitor data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again,” the company said. “
Potential dangers of SIM exchange and spear fishing
Despite the attention of MGM’s security incident last year, the data dump, which was released this week on a human-gas hacking forum, has attracted the attention of many hackers.
Under the Breach, which discovered the vulnerability and notified reporters, highlighted the high sensitivity of the vulnerability. The company told ZDNet that these users now face a higher risk of receiving spear phishing emails and replacing sMs.
They saw the names of Twitter CEO Jack Dorsey, pop singer Justin Bieber and DHS and TSA officials in the leaked documents, according to Underthe Breach.
In response, MGM Resorts told ZDNet that the data was old. ZDNet said it did confirm this from all hotel guests who called today, who have not been to the hotel since 2017. In addition, some of the phone numbers dialed by themedia are no longer available, although many are still available and someone has answered the phone.