14 July 2020

Personal information of over 142 million MGM hotel guests offered for sale on the dark web


Personal information of over 142 million MGM hotel guests offered for sale on the dark web

Personal details of more than 142 million MGM hotel guests have surfaced on a dark web cybercrime marketplace suggesting that the MGM Resorts 2019 data breach might have been bigger than previously anticipated. MGM Resorts had suffered a data breach last year and, at the time, it was reported that personal information such as name, email address, and mobile number of roughly 10.6 million guests was compromised.

However, over the weekend an advertisement appeared on one of the dark web marketplaces offering for sale the details of 142,479,937 MGM hotel guests for a price just over $2,900, ZDNet reports.

According to the seller, the data was obtained as a result of the recent DataViper breach. DataViper is a data leak monitoring service that belongs to a US-based cyber-security firm Night Lion Security.

Vinny Troia, founder of Night Lion Security, disputed the hacker’s claim and said that his company never owned a copy of the full MGM database and that the hackers are trying to ruin his company’s reputation.

The company that owns popular hotel chains such as Bellagio, Aria, MGM Grand, Mandalay Bay, Park MGM, Mirage, Luxor and Excalibur in Las Vegas, had faced a data breach in summer 2019 when attackers accessed a cloud server that contained information of certain previous guests of MGM Resorts.

According to an MGM spokesperson, the company was aware of the full scope of the data breach and had already addressed the situation, although it did not disclose the details of the hack.

Back to the list

Latest Posts

Free VPN apps on Google Play turned Android devices into residential proxies

Free VPN apps on Google Play turned Android devices into residential proxies

The threat actor behind this scheme profits by selling access to the residential proxy network to third parties.
28 March 2024
Cyber spies strike Indian government and energy sectors

Cyber spies strike Indian government and energy sectors

The operation involved phishing emails delivering the HackBrowserData info-stealer.
28 March 2024
Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

97 zero-day flaws were exploited in-the-wild in 2023, marking an increase of over 50% compared to 2022.
27 March 2024