The 2019 data breach at luxury hotel chain MGM Resorts may have affected more than 142 million guests, instead of the previously announced 10.6 million.
According to ZDNet, hackers are attempting to sell the personal data of 142,479,937 people who have stayed at MGM Resorts hotels over the past several years.
In an ad posted on a dark web hacker forum, the cybercrew is charging $2,939 for access to the compromised data.
"MGM Resorts was hit by cybercriminals, first reported by ZDNet, who listed the personal and contact information of 10.6 million hotel guests, including celebrities, employees, and government officials," the ad states.
"What was not reported, however, is that MGM Grand Hotels was also breached, with 142 million entries.
The criminals allegedly accessed the vast amount of data after hacking into the systems of DataViper, a threat intelligence and monitoring platform under Night Lion Security.
This week, it was revealed that DataViper's systems were targeted by hackers and 8,200 databases were stolen. These databases contained the personal information of billions of individuals who were presumably affected by previous data breaches.
The stolen data did not contain credit card numbers or social security numbers, but did contain full names, addresses, e-mail addresses, phone numbers, and dates of birth.
This is enough to give identity thieves a head start. Anyone who has stayed at an MGM Resorts property in the past few years may want to consider signing up for one of the best identity theft protection services.
MGM Resorts owns or operates several properties in Las Vegas, including the Aria, Bellagio, Delano, Excalibur, Luxor, Mandalay Bay, MGM Grand, Mirage, New York New York, Park MGM, and Vdara hotels. [Outside of Las Vegas, the company owns or operates MGM National Harbor in Maryland, MGM Springfield in Massachusetts, MGM Grand in Detroit, Borgata in Atlantic City, Gold Strike Casino Resort in Mississippi, Yonkers Race Course in New York and operates or owns the Empire City Casino.
Night Lion Security founder Vinny Troia denied that MGM data was stolen from his company.
According to ZDNet, Troia claimed that his company "never possessed a copy of MGM's complete database and that the hackers are simply trying to discredit his company."
In a statement provided to ZDNet, MGM Resorts said it was "aware of the scope of this incident, which was reported last summer," and claimed it had "already addressed the situation."
The data breach occurred last summer, when hackers were able to access a cloud server and subsequently steal the personal information of 10.6 million guests, including celebrities such as Justin Bieber and Twitter boss Jack Dorsey.
As a result of the unauthorized access, the hackers stole sensitive information such as names, home addresses, emails, phone numbers, and dates of birth. Although the hackers in question claim to have had access to the data of 142 million people, the actual number of people affected by the information breach may exceed 200 million.
Comments