The site Under the Breach came across the leaked files on an online forum commonly used by hackers, the company told Business Insider in a Twitter message. A researcher then cross-referenced the information with publicly available data and emails that had been exposed in previous breaches, the company said. ZDNet and Under the Breach also confirmed with several people whose information appeared in the leaked files that they had indeed stayed at MGM hotels during the time period in question.
The data theft, which was first reported by the tech site ZDNet, occurred last summer but news of the leak circulated online this week. Victims appear to include celebrities, government officials and prominent CEOs and tech company employees, among other guests. Justin Bieber and Twitter CEO Jack Dorsey were among the names reported. Twitter representative Giovanna Falbo declined to comment on Dorsey's behalf. USA TODAY has also reached out to Bieber's representative.
Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world's largest tech companies.
According to Irina Nesterovsky, Head of Research at threat intel firm KELA, the data of MGM Resorts hotel guests had been shared in some closed-circle hacking forums since at least July, last year. The hacker who released this information is believed to have an association, or be a member of GnosticPlayers, a hacking group that has dumped more than one billion user records throughout 2019.
The leaked data is a treasure trove for contact details for many high-profile users, working for big tech firms and governments all over the world. These users now face a higher risk of receiving spear-phishing emails, and being SIM swapped, Under the Breach told ZDNet.
MGM Resorts told ZDNet that the data was old. We can confirm this statement as from all the hotel guests we called today, none stayed at the hotel past 2017. Some of the phone numbers we called were disconnected, but many were also valid, and the right person answered the phone.
The size and the severity of this MGM Resorts security incident pale in comparison to the massive data breach that impacted Marriott hotels in 2017 when the details of hundreds of millions of users were stolen by Chinese state-sponsored hackers.
A wide range of sensitive information of millions of hotel guests has been discovered sitting on an unsecured server and accessible for anyone to view. The data was stored on a misconfigured Amazon Web Services (AWS) S3 bucket belonging to Prestige Software, a Spain-based company that sells hotel reservation management software.
The personal information of more than 10.6 million former guests of MGM Resorts hotels has been leaked on a hacking forum. The data dump contained a range of Personally Identifiable Information (PII), including full names, home addresses, phone numbers, emails, and birth dates, according to an exclusive ZDNet report.
U.S. casino operator MGM Resorts International said on Thursday it was the victim of a data breach last year after an earlier report claimed that details of over 10.6 million hotel guests had been compromised.
The details in the leaked files included information on celebrities, chief executives of technology companies, reporters and government officials, the report added, citing confirmation from some of those affected.
In May 2019, First American Financial Corporation reportedly leaked 885 million users' sensitive records that date back more than 16 years, including bank account records, social security numbers, wire transactions, and other mortgage paperwork.
In November 2018, Marriott International announced that hackers had stolen data about approximately 500 million Starwood hotel customers. The attackers had gained unauthorized access to the Starwood system back in 2014 and remained in the system after Marriott acquired Starwood in 2016. However, the discovery was not made until 2018.
In May 2019, Australian business, Canva - an online graphic design tool - suffered a data breach that impacted 137 million users. The exposed data included email addresses, names, usernames, cities and passwords stored as bcrypt hashes.
Quora, a popular site for Q&A suffered a data breach in 2018 exposed the personal data of up to 100 million users.The types of leaked data included personal information such as names, email addresses, encrypted passwords, user accounts linked to Quora and public questions and answers posted by users. There was no evidence discovered that anonymously posted questions and answers were affected by the breach.
MyHeritage, a genealogical service website was compromised, affecting more than 92 million user accounts. The breach occurred in October 2017, but wasn't disclosed until June 2018. A security researcher discovered a file on a private server containing email addresses and encrypted passwords. The security team at MyHeritage confirmed that the content of the file affected the 92 million users, but found no evidence that the data was ever used by the attackers. MyHeritage earned praise for promptly investigating and disclosing details of the breach to the public.
Hackers gained access to over 10 million guest records from MGM Grand. The records exposed the contact information of former hotel guests including Justin Bieber, Twitter CEO Jack Dorsey, and government officials.
In February, security researcher Jeremiah Fowler came upon a massive online database belonging to cosmetics giant Estee Lauder. According to Fowler, the unsecured database exposed confidential information stored in over 440 million customer records.
The leaked contact information for millions of former hotel guests included records of celebrities that included Justin Bieber, Twitter CEO Jack Dorsey, and a number of government officials. MGM insists that no credit card information or passwords were exposed in the data breach.
Incredibly, this is not the first time confidential information about MGM guests had been openly published online. In mid-2019, MGM employees noticed there had been unauthorized access of a corporate server. That very same day, the stolen information started appearing in a number of hacking forums.
In July of 2020, researchers discovered an ad on a dark web marketplace offering the records of more than 142 million MGM guests for the bargain price of $2,900. The offer suggests that the original breach may have been far worse than previously indicated.
ZDNet confirmed the authenticity of the data on Wednesday. None of the hotel guests whom the news outlet contacted had stayed at the hotel more recently than 2017. But regardless of how long ago the initial breach happened, the personally identifiable information (PII) is still valuable for use in spearphishing campaigns or in SIM-swap attacks, as Under the Breach told ZDNet.
The sale of the records has been linked to the threat actor known as GnosticPlayers, which has claimed responsibility for multiple big breaches, including the September 2019 hack of online social game maker Zynga, the massive hack of 26 million records stolen from another six online companies in March 2019, and plenty more.
That hack was only discovered in November 2018, but it affected the personal details and payment card data on up to 500 million people dating back to 2014. That attack was linked to Chinese state-sponsored hackers.
The Identity Theft Resource Center reports that there were 1,473 known data breaches in 2019. These attacks affect the data of millions of people. A compromised identity can have consequences that last for years. One of the most visible data breaches of 2019 was the MGM Grand breach that exposed the information of 10.6 million former hotel guests.
> Details of 10 million MGM hotel guests leaked online (opens in new tab)> MGM data breach was far worse than originally thought (opens in new tab)> Stolen UK consumer data up for sale on sale online (opens in new tab)
Exposed data included names, addresses, phone numbers, dates of birth, and email addresses.MGM Resorts confirmed the breach occurred in the summer of 2019. The hotel chain said affected hotel guests were promptly notified last year when the breach was discovered. It is believed that guests whose information was exposed stayed at MGM Resorts in 2017 and earlier.
The MGM Resorts data breach was discovered in the summer of 2019, but the breach became public on February 20, 2020, when ZDNet published an article about the data security incident.ZDnet contacted MGM Resorts, which confirmed the breach."Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts," MGM told ZDNet.Information accessed in the breach was posted on a hacking forum this week. The hacker who released the information is believed to have ties to the hacking group GnosticPlayers.GnosticPlayers posted more than 1 billion records on hacking forums in 2019, security researcher Irina Nesterovsky told ZDNet.ZDNet contacted MGM Resorts with leaked guest data found on the hacking sight. MGM was able to match the information with data accessed in the summer 2019 data breach.
The vpnMentor research team stumbled upon the files, which totaled 8.7 GB of data, on the messaging platform earlier this week, and noted that they "assume at least 30 million people had some of their data leaked." MGM Resorts, a hotel and casino chain, did not respond to The Register's request for comment.
The researchers reckon this information is linked to the theft of millions of guest records, which included the details of Twitter's Jack Dorsey and pop star Justin Bieber, from MGM Resorts in 2019 that was subsequently distributed via underground forums. 2b1af7f3a8