Leading American hospitality and entertainment company , MGM Resorts International has revealed that the confidential personal details of some 10.6 million of its customers have been compromised and released on to an online hacking forum platform
A spokesman for the firm stated: “Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter.”
However, the MGM Resorts’ data breach did allow hackers unauthorized access to a cloud server that contained the full names, addresses, phone numbers, dates of birth and email addresses of millions of the resort’s previous guests.
The private information lifted from their private servers contains the details of government officials and chief executive officers such as Twitter Inc. CEO Jack Dorsey and even high-profile celebrities such as pop singer Justin Bieber.
Ekaterina Khrustaleva, COO of web security company ImmuniWeb, comments: “This particular incident reportedly contains only the victims’ PII*, so it is not all that perilous or likely to be used for blackmailing. We should, however, not underestimate the overall impact of the breach. It provides a wide spectrum of efficient attack scenarios for cybercriminals, spanning from spear phishing to BEC and Whaling. Victims should be cautious about any incoming messages, calls or emails. Those whose passwords or secret answers can be inferred from the compromised data need to urgently consider changing their passwords and secret questions if they have not yet done so.”
MGM has confirmed that it notified guests of the data breach at the time, but that the data was “old” as it only related to bookings up to 2017.
Ekaterina Khrustaleva continues:“This data breach is comparatively insignificant in light of the exposed details. Almost every day, cybercriminals on various Dark Web marketplaces offer stolen data coming from hotels and resorts, and not that infrequently the data contains extremely sensitive information about guests’ preferences and stay.”