Show vulnerabilities with patch / with exploit
14 July 2020

Personal information of over 142 million MGM hotel guests offered for sale on the dark web


Personal information of over 142 million MGM hotel guests offered for sale on the dark web

Personal details of more than 142 million MGM hotel guests have surfaced on a dark web cybercrime marketplace suggesting that the MGM Resorts 2019 data breach might have been bigger than previously anticipated. MGM Resorts had suffered a data breach last year and, at the time, it was reported that personal information such as name, email address, and mobile number of roughly 10.6 million guests was compromised.

However, over the weekend an advertisement appeared on one of the dark web marketplaces offering for sale the details of 142,479,937 MGM hotel guests for a price just over $2,900, ZDNet reports.

According to the seller, the data was obtained as a result of the recent DataViper breach. DataViper is a data leak monitoring service that belongs to a US-based cyber-security firm Night Lion Security.

Vinny Troia, founder of Night Lion Security, disputed the hacker’s claim and said that his company never owned a copy of the full MGM database and that the hackers are trying to ruin his company’s reputation.

The company that owns popular hotel chains such as Bellagio, Aria, MGM Grand, Mandalay Bay, Park MGM, Mirage, Luxor and Excalibur in Las Vegas, had faced a data breach in summer 2019 when attackers accessed a cloud server that contained information of certain previous guests of MGM Resorts.

According to an MGM spokesperson, the company was aware of the full scope of the data breach and had already addressed the situation, although it did not disclose the details of the hack.

Back to the list

Latest Posts

Vulnerabilities in Gmail and iCloud allow hiding the sender

Vulnerabilities in Gmail and iCloud allow hiding the sender

Manipulating email header fields allows for various types of attacks to deceive the addressee.
6 August 2020
Iranian APT Oilrig becomes the first group to weaponize DNS-over-HTTPS

Iranian APT Oilrig becomes the first group to weaponize DNS-over-HTTPS

Oilrig members have added a new DNSExfiltrator utility to their hacking arsenal.
5 August 2020
Hacker published passwords for over 900 corporate VPN servers

Hacker published passwords for over 900 corporate VPN servers

The list was published on a Russian-speaking hacker forum frequented by different ransomware operators.
5 August 2020