Personal details of more than 142 million MGM hotel guests have surfaced on a dark web cybercrime marketplace suggesting that the MGM Resorts 2019 data breach might have been bigger than previously anticipated. MGM Resorts had suffered a data breach last year and, at the time, it was reported that personal information such as name, email address, and mobile number of roughly 10.6 million guests was compromised.
However, over the weekend an advertisement appeared on one of the dark web marketplaces offering for sale the details of 142,479,937 MGM hotel guests for a price just over $2,900, ZDNet reports.
According to the seller, the data was obtained as a result of the recent DataViper breach. DataViper is a data leak monitoring service that belongs to a US-based cyber-security firm Night Lion Security.
Vinny Troia, founder of Night Lion Security, disputed the hacker’s claim and said that his company never owned a copy of the full MGM database and that the hackers are trying to ruin his company’s reputation.
The company that owns popular hotel chains such as Bellagio, Aria, MGM Grand, Mandalay Bay, Park MGM, Mirage, Luxor and Excalibur in Las Vegas, had faced a data breach in summer 2019 when attackers accessed a cloud server that contained information of certain previous guests of MGM Resorts.
According to an MGM spokesperson, the company was aware of the full scope of the data breach and had already addressed the situation, although it did not disclose the details of the hack.