Skip to main content

Details of 10 million MGM hotel guests leaked online

(Image credit: Shutterstock / Andrew Zarivny)

Hackers have published the details of 10.6 million guests of MGM Resorts hotels to an online hacking forum.

The data was acquired in the summer after attackers gained access to MGM servers, though the breach went under the radar at the time.

The leaked files contained data relating to regular patrons, but also contact information for celebrities and government officials. Twitter CEO Jack Dorsey and pop star Justin Bieber are just two of many high profile individuals affected.

MGM Resorts operates US premises in Las Vegas, Atlantic City and Detroit, and further resorts in China and Japan.

MGM data breach

The majority of data stolen by attackers was “phonebook information”, such as names, telephone numbers and email addresses, some of which was publicly available prior to the breach.

However, 1,300 guests were also informed more sensitive information had been lifted, including passport numbers.

“Last summer, we discovered unauthorised access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts,” confirmed MGM. 

“We are confident that no financial, payment card or password data was involved in this matter.”

Though no financial information was leaked, the information made available on a public hacking forum is sufficient for cybercriminals to perform other varieties of attack, including spear-phishing emails and SIM jacking.

The company has expressed regret over the incident, and claims it will introduce measures to ensure another breach of this kind does not occur in future.

“At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again,” it said.

Via ZDNet