When visiting a casino and staying overnight, gamblers anticipate a few hours of fun, drinks and good food, along with exciting casino games. What they don’t anticipate is personal information being stolen and then published for the entire world to see. However, that is exactly what happened to MGM Resorts guests, around 10.6 million individuals.
Date Breach
A data dump took place recently on the dark web where over 10 million people saw their personal information distributed far and wide. Guests of the MGM Resorts hotels thought their details were safe only to find that were subject to a huge data breach.
The posting was noticed by an Under the Breach security researcher, a company that is new to the breach monitoring community. The issue was also covered by ZDNet after a tip came in of the data dump.
Each entry at the dark web site includes personal details of the MGM Resorts hotel guests. Details listed include their full name, home address, telephone number, email address and date of birth. Many people from all walks of life were affected, including celebrities like Justin Bieber.
The entries posted on the website were tested by ZDNet and the identities of the individuals were confirmed via booking dates. The data is valid and among those compromised include CEOs traveling to MGM Resorts for business meetings, as well as officials of the government, international travelers, etc.
The information can now be used to scam or extort those involved and the question is, do the people know their information is now public? If not, the individuals will not know to be on the lookout for fishy behavior.
MGM’s Response
According to reports, MGM Resorts is stating the data came from a security breach that took place last year. The company has reassured their customers that no financial information was released including credit card details or passwords. Reportedly, the company alerted those affected last year.
The company is now said to be working with two experts in cybersecurity to work on an investigation of the matter. They are also working to better shore up their systems in order to prevent such a data breach in the future.
Tech experts suggest that those affected by the breach change their telephone numbers, specifically if using a two-factor authenticator platform for online use. The telephone number associated with the data dump makes the information valuable, especially considering the more high profile clients of MGM Resorts.
Anyone who stayed at the hotel up until 2017 is considered to be part of the breach. People have reportedly already been affected by the breach, including Jack Dorsey, the CEO of Twitter. His information was used via SIM-swappers who took over his Twitter account last year.
Overall, the security breach is a big deal and shows just how important data security is at such venues as casinos and their associated hotels. It will be interesting to see if additional details are provide on this matter in the future and how the company plans to handle such security needs associated.