Top Las Vegas hotel is the latest ShinyHunters ransomware victim - hackers demand $1.5 million to not leak data
ShinyHunters claim to have hit Wynn Resorts
- ShinyHunters claim breach of Wynn Resorts, leaking 800,000 employee records
- Group demands 23.34 Bitcoin (~$1.55m) to delete stolen data
- Access allegedly gained via Oracle PeopleSoft vulnerability using employee credentials
The infamous ransomware operators ShinyHunters seem to have hit yet another Las Vegas hotel and casino giant: after Caesars Entertainment and MGM Resorts (which were struck in September 2023), the group has now apparently hit Wynn Resorts.
The group recently added Wynn to its data leak website, saying it had obtained more than 800,000 records, and shared a small sample to prove the authenticity of its claims - giving Wynn a deadline of February 23 2026 to either pay up, or see the data leaked onto the dark web.
The hackers are asking for 23.34 Bitcoin, equaling roughly $1.55 million, in exchange for deleting the data. They call this sum the “starting price”, suggesting that they are ready to negotiate a lesser sum.
No comment yet
In the meantime, the sample was analyzed by researchers at The Register, and allegedly it contains Wynn Resorts’ employees’ full names, emails, phone numbers, positions, salaries, start dates, birth dates, and “other personal information”.
This is more than enough to craft highly convincing phishing emails through which attackers can steal login credentials, conduct wire fraud, and more.
The hotel has not yet issued a statement about the claims, nor has it responded to media inquiries. We don’t know exactly how the incident took place - it was either via stolen credentials, or through a vulnerability in internet-connected hardware such as firewalls.
ShinyHunters is currently one of the most active threat actors and has recently broken into dozens of organizations through vishing (voice phishing) scams. Its members impersonate technical support or IT operatives, trick the victim into resetting their 2FA and login credentials, and then access the system via Okta single sign-on or a similar service.
In this case, however, a member of the group told The Register they accessed Wynn's systems in September 2025 via an Oracle PeopleSoft vulnerability using an employee's credentials.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.