Millions of ‘MGM Resorts’ Clients Had Their Details Published on the Dark Net

Last updated February 20, 2020
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

A pretty big data dump containing the personal details of about 10.6 million people who stayed at “MGM Resorts” hotels was published on the dark web recently. The new offering was noticed by a security researcher from “Under the Breach,” which is an upcoming breach monitoring service, and was subsequently covered by ZDNet after a relevant tip. Each entry in the data dump includes the following information about the hotel guests:

mgm data

Source: ZDNet

ZDNet tested some of the entries by contacting the persons, who confirmed the booking dates. That said, the dump is genuine, and the data in it are valid. Among the compromised individuals are CEOs of large organizations attending business meetings, government officials, reporters attending conferences, international business travelers, etc. With this type of information being published on the darknet now, exposed people are running the risk of being extorted, scammed, phished, or even SIM-swapped. So, the question that arises is, do these people know of the breach, or were they left in their “happy” nescience?

According to what "MGM Resorts" states now, this data derives from a security breach that they suffered last year. The hotel company reassures its customers that no financial details, passwords, or credit card data was leaked as a result of this incident. Moreover, they claim that every compromised customer received the associated notification last year. Finally, MGM Resorts is still working closely with two cybersecurity experts who are helping them conclude the relevant investigation, as well as to secure their systems in a way that will prevent similar incidents from occurring in the future.

For those of you who stayed at an "MGM Resorts" hotel up until 2017, there's one thing that you should definitely do. That is to change the phone number you're using for two-factor authentication on online platforms. The inclusion of this information in the dump is precisely what makes it valuable, especially when it comes to high-profile individuals. "Under the Bridge" researchers point out that, in this dump, there are the phone numbers of pop singer Justin Bieber, as well as Twitter's CEO Jack Dorsey. The latter fell victim to SIM-swappers who took over his account on Twitter back in August, so the danger is real.

Matt Walmsley, EMEA Director at Vectra sent us the following comment on the above story:

"MGM has acknowledged a cloud “server exposure”. This could have easily been caused from poor cloud configuration and security hygiene, or from offensive attacker behaviors. As practitioners, we need to stop treating cloud separately from a security perspective. As organizations increasingly use the cloud to underpin digital transformation, it is critical that security operations teams have the ability to pervasively detect and respond to attacks and unauthorized access wherever they happen. Attackers don’t operate in silos of local mobile, network, data centers, or cloud - neither should our security capabilities."



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: