MGM, a reputed brand for hotels, casinos, resorts etc has just let millions of their customer’s data to hack. MGM resorts have a server breach in last May, where the hackers stole details of more than 10 million guests and posted in a hacker forum. Reported and verified by ZDNet, customers say that they’re unaware of the breach.
Data of 10,683,188 guests!
The dataset didn’t just contain the details of regular guests, but high-profiled personalities like Jack Dorsey, Justin Bieber and many government officials of US. The leaked record contained names, email addresses, phone numbers, residential addresses and date of births. MGM upon investigation, says it’s confident that no sensitive information like bank cards, passwords were breached during the hack.
While ZDNet confirmed the authenticity of leaked data, it informed MGM resorts and received a reply that the hotel is aware of that breach already! MGM security team said it had faced a security hack in May last year and claims to have informed the victims. And when cross verified, very few have reported this in August and many have told they’re unaware of the incident.
Regarding the incident, the breached responded to ZDNet as, “Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter. At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again.”
Future threats?
The leaked information is enough for significant attacks as phishing and SIM card swapping. Attackers can use this dataset and send malicious links/attachments via emails or messages to dump malware and steal sensitive credentials later on. If not, they can fool banks by impersonating and swapping SIM cards for further attacks.
All these are potential attacks on those victims, and they should be aware of any such fraudulent activities against them in future. Nevertheless, it’s the responsibility of MGM to inform and assist them too.
