WHAT HAPPENS IN VEGAS Massive data breach exposes info of 10.6 MILLION MGM Resorts guests including Justin Bieber and Twitter CEO
MORE than 10.6 million guests who stayed at MGM Resorts hotels have had their personal details published on a hacking forum, according to a report. Within the leaked files was information belonging to the likes of singer Justin Bieber, Twitter CEO Jack Dorsey and a number of government officials, ZDNet reported.
ZDNet, a technology news website, verified the authenticity of the data on Wednesday by working with a security researcher at Under the Breach, data breach monitoring service that is soon to launch. A spokesperson for MGM Resorts confirmed the incident in an email.
The analysis showed that the data dump had contained the personal details of 10,683,188 former hotel guests – including home addresses, phone numbers, emails and dates of birth. MGM Resorts International has resorts in Detroit, Mississippi, Maryland, and New Jersey, as well as Las Vegas's famous Bellagio, Mandalay Bay, MGM Grand, and The Mirage. In order to verify the accuracy of the information, ZDNet reached out to past guests, who confirmed their time at the hotel and the durations of their stays.
Once the information was verified, the report said, MGM Resorts' security team was contacted and was able to verify the data and link it to a past security incident. The information that was leaked reportedly stems from a security breach that took place in July 2019, with customers reportedly being notified in August 2019. This breach initially went under the public radar, ZDNet said, but has recently brought to the fore after the data was dumped on a popular-but-unnamed hacking forum this week.
The hotel chain told ZDNet that the data dumped online was old, and none of the residents contacted by the website had stayed at the hotel past 2017. A spokesperson said in a statement sent to The Sun: "Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. '"We are confident that no financial, payment card or password data was involved in this matter. "MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws."
The company said that it retained two cybersecurity forensic firms to conduct an internal investigation into the server exposure last year. They added: "At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again." Some phone numbers were disconnected, while others were still tied to the necessary person. A similar but much larger incident took place in 2018, when Marriott Hotels revealed that a data breach could have impacted 500 million of its customers.
https://www.the-sun.com/news/427375/mgm-resorts-data-breach-10-million-justin-bieber/