10 million MGM Resorts guests' data reportedly hacked

ZDNet reported last week that potentially sensitive information of about 10.6 million people has been posted for sale on the dark web.

This includes name, address and contact details for celebrities, reporters and government officials.

A fewer number, reportedly 1,300, of passport numbers have also been taken.

“Last summer, we discovered unauthorised access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts,” said an MGM Resorts spokesperson.

“We are confident that no financial, payment card or password data was involved in this matter.”

Ekaterina Khrustaleva, chief operating officer of web security company ImmuniWeb, said although the data is not likely to be used for blackmail, it should not be underestimated.

“Victims should be cautious about any incoming messages, calls or emails. Those whose passwords or secret answers can be inferred from the compromised data need to urgently consider changing their passwords and secret questions if they have not yet done so.

“This data breach is comparatively insignificant in light of the exposed details. Almost every day, cybercriminals on various dark web marketplaces offer stolen data coming from hotels and resorts, and not that infrequently the data contains extremely sensitive information about guests’ preferences and stay."

MGM Resorts have 30 hotel and destination gaming offerings in its portfolio, including in Las Vegas and Shanghai.