Leaked Details Of 142 Million MGM Hotel Guests Found For Sale On Dark Web
MGM Resorts had suffered a data breach last year and it was reported that personal information such as name, email address, and mobile number of roughly 10.6 million (1.06 crore) guests were compromised. However, it appears the data breach was much larger than initially reported, and it is reported that over 142 million (14.2 crore) MGM Hotel guests’ data might have been impacted. According to a report, the latest data breach-information of MGM guests came to light over the weekend after a hacker posted an advertisement on a dark web cybercrime marketplace. The hacker appeared to be selling information for $2,940 (roughly Rs. 2.21 lakhs).
The company that owns popular hotel chains such as Bellagio, Aria, MGM Grand, Mandalay Bay, Park MGM, Mirage, Luxor and Excalibur in Las Vegas, had faced a data breach in summer 2019 when attackers accessed a cloud server that contained information of certain previous guests of MGM Resorts.
The development came to light in February this year, when the leaked data appeared on a hacking forum. MGM had never made the security breach public, but notified impacted customers, the report stated.
In the ad, the hacker makes a connection between the newly advertised credentials and a previously known leak of personal details of more than 10.6 million guests who had stayed at MGM Resorts. That breach, news of which surfaced in February, was attributed to unauthorized access to a misconfigured cloud server that occurred at the hotel chain last summer.
The MGM details came from a data breach on the hotel last year, in which a hacker gained unauthorized access to a cloud server that contained information on previous guests. The chain said it has notified all those impacted, as required by state laws.
The person who posted the ad claims the data actually comes from a recent attack on DataViper, a data leak monitoring service, but the company denies owning a copy of the full MGM database and says the hacker is trying to ruin the firm’s reputation.
Amazingly, the actual number of affected guests could be even higher, with posts on Russian hacking forums claiming there are details of 200 million people on the list.