In February 2020, it was reported that data from 10.6 million guests of MGM Resorts hotels was made publicly available. The leak included not only information about ordinary tourists and travelers, but also personal and contact details of celebrities, heads of large companies, journalists, government officials and employees of a number of the largest technology companies in the world. Including such personal data as full names, home addresses, phone numbers, email addresses and dates of birth.
As it turned out now, in fact the problem was much more serious: as a result of the attack in 2019, the data of 142 million people fell into the hands of third parties.
The real extent of what happened became known due to the fact that the hacker under the pseudonym NightLion put up for sale (on the Empire trading platform on the dark) information on 142,479,937 guests of MGM hotels. The dump was valued at $ 2,900.
Let me remind you that the hacker claims that this information was obtained by hacking the DataViper service for monitoring and arresting leaks, owned by the Night Lion Security information security company. Yesterday we talked in detail about the DataViper hack and the attacker's motives. Winnie Troy, founder of Night Lion Security and DataViper, says his company never owned a full copy of the MGM database. That is, the hacker allegedly sells his own databases, and not some information stolen from DataViper, and is trying to spoil the reputation of the expert company.
However, over the weekend, MGM Reports issued a statement stating that the company was aware of the real extent of the attack. “MGM Resorts was aware of the magnitude of the incident last summer and previously made public,” the statement reads.
The company claims that they have already investigated this situation, notified affected users, and the vast majority of "leaked" data is only contact information (such as names, mailing addresses and email addresses).
However edition Zdnetreferring to KELA specialists, he notes that even 142 million victims are probably not the limit. The fact is that, according to researchers, the information stolen from MGM has been circulated to narrow hacker circles since at least July 2019. And an advertisement at a Russian-speaking hacker forum said that more than 200 million hotel guests had fallen into the hands of attackers.