Cyber criminals have compromised the personal details of over 10.6 million people who stayed at the MGM Resorts hotels in Las Vegas and dumped the data online on a hacking forum.
The leaked personal details include full names, physical home addresses, phone numbers, emails and dates of birth.
MGM Resorts hotels include Bellagio,Aria, MGM Grand, Mandalay Bay, Park MGM, Mirage, Luxor and Excalibur in Las Vegas and since all of them are booked round the year for big conferences and events, personal details of celebrities such as Pop singer Justin Bieber and Twitter's CEO Jack Dorsey were exposed as well as Microsoft employees, reporters, FBI and DHS staffs, etc., were all exposed in the breach.
Also Read: These Are The Top 200 Most Hacked Passwords Of 2019 And You Should Avoid Them In 2020!
The authenticity of the data were verified by ZDNet and a security researcher from Under the Breach who reached out to past guests that stayed at the hotel. These guests confirmed the accuracy of the data in the leaked files as their timeline and stay at the hotel all matched.
Though the stolen data recently showed up in a hacking forum, ZDNet got to understand that the data came from a security breach that took place last year. The data is said to have been leaked in July 2019, and those affected in the breach were all notified. Data dating back to 2017 was found on an unsecured cloud server.
An MGM spokesperson confirmed the data breach to ZDNet.
"Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter," the spokesperson said.
This leaked data poses several threats to the affected individuals, most especially for people working in big firms and those in the government. These people are likely to see attacks in the form of impersonation, spear-phishing emails and SIM swap.
MGM Resorts says it has hired two cybersecurity forensics firms to conduct an internal investigation into the breach.
"At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again," an MGM spokesperson said.