- Personal details of over 10.6 million guests who stayed at MGM hotels have been published on a hacking forum this week
- According to MGM, the hack mostly exposed contact information - names, addresses, and passport numbers
- Twitter Founder Jack Dorsey and Justin Bieber were among the impacted ones
Personal information of more than 10.6 million guests who stayed at MGM Resorts hotels have been posted on a hacking forum.
News website ZDNet was the first to report the incident on Wednesday, saying the stolen details were published on a hacking forum this week. MGM confirmed that the hack happened.
The breach happened last summer, but went under the radar quickly until the hacking forum brought it to everyone’s attention again.
The hack mostly exposed such information as names, address, and passport numbers of guests who stayed at MGM. Twitter founder Jack Dorsey and Justin Bieber were among the targeted ones, but also tourists, reporters, and FBI agents.
According to MGM’s statement, no financial information has been disclosed.
The hospitality company said it couldn’t determine the exact number of affected people because the details that were revealed might have been duplicated.
“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter,” a spokesperson for MGM Resorts said.
MGM informed around 1,300 former guests whose more delicate information such as passport numbers were revealed on the forum of the said incident.
Another 52,000 guests were notified that less sensitive personal details were exposed. However, this is only a small percentage of those affected.
After the security breach last summer, MGM Resorts hired two cybersecurity forensics companies to carry out an internal investigation, said the resort chain.
“At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again,” MGM said.
Security researcher Under the Breach was the company that found the leak and pointed out the highly sensitive nature of the attack.
The exposed information includes contact details of many high-profile individuals, working for big technology companies and governments around the world. These individuals are now exposed to the risk of getting spear-phishing emails, and being SIM swapped, according to Under the Breach.