MGM Resorts customer data breach still being utilized by hackers

It is well-known among security researchers that data found in a breach or leak can be a threat long after a network is secured. MGM Resorts (owners of the famed MGM Grand of Las Vegas), and more importantly their customers, discovering this fact firsthand. As reported by Catalin Cimpanu in an exclusive ZDNet post, the data of roughly 10.6 million MGM Resorts customers has been compromised once again. The data was stolen during a breach that occurred in the summer of 2019, and as Cimpanu’s report shows, the data was recently uploaded to a popular hacking forum.

In fact, the data has been revealed to be in circulation for at least six months on the Dark Web, according to research by Irina Nesterovsky, head of research at threat intel firm KELA. When contacted by media, MGM Resorts stated the following about the initial data breach:

Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts...We are confident that no financial, payment card or password data was involved in this matter... At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again.

The ZDNet report states that MGM Resorts hired third-party cybersecurity firms to run a thorough investigation into their defenses. With literally millions of customers’ full names, home addresses, phone numbers, emails, and dates of birth being exposed, this seems like too little too late. The only reason that MGM Resorts likely took action in the first place is due to the unusually high visibility on this incident. Factors that influence this are the social status of certain exposed guests, such as Twitter CEO Jack Dorsey and pop star Justin Bieber, as well as the sheer number of customers affected. What, otherwise, was stopping them from hardening security before this incident?

Any customers of the MGM Resorts, according to Under The Breach (which initially discovered the incident in 2019), should be extra wary of spear-phishing attacks and SIM swapping. With celebrities, high-ranking government officials with security clearance, Silicon Valley executives, and many others involved in the breach, cybercriminals will milk this data as long as possible.

Data breaches are occurring at an accelerated rate and it would be prudent for all organizations, big and small, to secure their networks from data breaches before they hit the news.

Featured image: Shutterstock

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Managing Azure VMs with System Center Virtual Machine Manager

You may not know it, but System Center Virtual Machine Manager can be used for…

15 hours ago

Best and most secure VPN services for small businesses

As we adjust to a new remote work culture due to coronavirus, a secure VPN…

18 hours ago

Exchange security: Get your SPF, DMARC, and DKIM records in place

Every Exchange admin lives with the constant fear their system will be breached. Having SPF,…

21 hours ago

GE data breach exposes thousands of employee records

A GE data breach exposed a hacker’s treasure trove of employee records, including Social Security…

2 days ago

Getting speed and consistency using Linux text editors and console

Ready to go back to the future? Here’s a look at some Linux text editors…

2 days ago

Amazon GuardDuty unveils new, lower pricing tiers

The Amazon GuardDuty threat-detection service has unveiled some lower price tiers, which will be especially…

2 days ago