ZDNet, in collaboration with Under the Breach, reported about the leak of personal data of more than 10.6 million people who stayed at MGM Resorts hotels. Information was posted on an unnamed hacker forum this week. The leak includes not only information about ordinary tourists and travelers, but also personal and contact details of celebrities, heads of large companies, journalists, government officials and employees of several of the largest technology companies in the world.
According to experts, in general, the MGM dump contains personal data of 10,683,188 former hotel guests. Including such personal data as full names, home addresses, phone numbers, email addresses and dates of birth.
To verify the authenticity of the dump, the journalists contacted the ex-guests and confirmed that they had really stayed at MGM hotels, checked the dates of their visits and personal details. The coincidence was confirmed by international travelers, journalists who attended technical conferences, company leaders who came to business meetings, and even government officials.
After checking the data, the researchers turned to MGM Resorts for comment. The MGM Resorts team was able to quickly verify information about the leak and track it until last year's security incident. So, representatives of the hotel chain reported, that in the summer of 2019, unauthorized access to a cloud server was revealed, which contained a certain amount of data about hotel visitors. The company emphasized that there were no financial and credentials among this information.
The hotel chain claims that last year it notified all victims in accordance with the current state legislation, and also involved two independent forensic companies specializing in cyber incidents in the investigation.
Also at MGM Resorts emphasize, that the dump contains pretty old data. Journalists report that this is true: none of the guests contacted by the publication stayed at MGM hotels after 2017, and some of the phone numbers were already disconnected.
However, a data leak from MGM Resorts is unlikely to compare with the largest incident in this area: in 2014, the Marriott hotel chain leaked a data leak, affecting a total of half a billion people. Then the hackers remained in the company's systems for almost four years.