MGM Security Breach Exposes Personal Information of More Than 10 Million Guests

Personal information of more than 10.6 million guests who stayed at MGM Resorts hotels have been posted on a hacking forum.

News website ZDNet was the first to report the incident on Wednesday, saying the stolen details were published on a hacking forum this week. MGM confirmed that the hack happened.

The breach happened last summer, but went under the radar quickly until the hacking forum brought it to everyone’s attention again.

The hack mostly exposed such information as names, address, and passport numbers of guests who stayed at MGM. Twitter founder Jack Dorsey and Justin Bieber were among the targeted ones, but also tourists, reporters, and FBI agents.

According to MGM’s statement, no financial information has been disclosed.

The hospitality company said it couldn’t determine the exact number of affected people because the details that were revealed might have been duplicated.

MGM informed around 1,300 former guests whose more delicate information such as passport numbers were revealed on the forum of the said incident.

Another 52,000 guests were notified that less sensitive personal details were exposed. However, this is only a small percentage of those affected.

After the security breach last summer, MGM Resorts hired two cybersecurity forensics companies to carry out an internal investigation, said the resort chain.

Security researcher Under the Breach was the company that found the leak and pointed out the highly sensitive nature of the attack.

The exposed information includes contact details of many high-profile individuals, working for big technology companies and governments around the world. These individuals are now exposed to the risk of getting spear-phishing emails, and being SIM swapped, according to Under the Breach.