It is well known among security researchers that data found in a breach or leak can be a threat long after a network is secured. MGM Resorts (owners of the famed MGM Grand of Las Vegas) and, more importantly, their customers are discovering this fact firsthand. As reported by Catalin Cimpanu in an exclusive ZDNet post, the data of roughly 10.6 million MGM Resorts customers has been compromised once again. The data was stolen during a breach that occurred in the summer of 2019, and as Cimpanu’s report shows, the data was recently uploaded to a popular hacking forum.
In fact, the data has been revealed to be in circulation for at least six months on the Dark Web, according to research by Irina Nesterovsky, head of research at threat intel firm KELA. When contacted by media, MGM Resorts stated the following about the initial data breach:
Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts... We are confident that no financial, payment card or password data was involved in this matter... At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again.
The ZDNet report states that MGM Resorts hired third-party cybersecurity firms to run a thorough investigation into their defenses. With literally millions of customers’ full names, home addresses, phone numbers, emails, and dates of birth exposed, this seems like too little too late. MGM Resorts likely took action in the first place only because of the unusually high visibility of this incident. That visibility stems from the social status of certain exposed guests, such as Twitter CEO Jack Dorsey and pop star Justin Bieber, as well as the sheer number of customers affected. What, otherwise, was stopping them from hardening security before this incident?
Any MGM Resorts customers, according to Under The Breach (which initially discovered the incident in 2019), should be extra wary of spear-phishing attacks and SIM swapping. With celebrities, high-ranking government officials with security clearance, Silicon Valley executives, and many others involved in the breach, cybercriminals will milk this data as long as possible.
Data breaches are occurring at an accelerated rate, and it would be prudent for all organizations, big and small, to secure their networks against data breaches before they hit the news.