MGM Resorts data breach grows to potentially 142 million people, hacker claims

The MGM Grand hotel and casino in Las Vegas in a vintage photo.
(Image credit: GTS Productions/Shutterstock)

The 2019 data breach at luxury hotel chain MGM Resorts may have affected over 142 million guests rather than the previously stated 10.6 million. 

According to ZDNet, a hacker is looking to sell the personal data of 142,479,937 people who had stayed at an MGM Resort hotel over the past several years.

In an advertisement posted on a dark web hacker forum, the cybercrook is charging $2,939 for access to the compromised data. 

“MGM Resorts was hit by cybercriminals, first reported by ZDNet, who listed personal and contact details for 10.6 million hotel guests, including celebrities, employees and government officials,” reads the ad. 

“However, what was not reported was that MGM Grand Hotels was also breached, consisting of 142 million entries.”

The perpetrator claims to have gained access to the vast amount of data after hacking into the systems of Night Lion Security-owned threat-intelligence monitoring platform DataViper.

This week, it emerged that DataViper's systems had been targeted by hackers and saw 8,200 databases stolen. These presumably contained the personal information of billions of people affected by past data breaches.

What to do about the MGM Resorts data breach

The stolen data did not include credit card numbers or Social Security numbers, but did include full names, street addresses, email addresses, phone numbers and dates of birth. 

That's enough to give identity thieves a head start. If you stayed at an MGM Resorts property in the past several years, you might want to consider signing up with one of the best identity-theft-protection services.

MGM Resorts owns or operates several properties in Las Vegas, including the Aria, Bellagio, Delano, Excalibur, Luxor, Mandalay Bay, MGM Grand, Mirage, New York New York, Park MGM and Vdara hotels.

Outside of Las Vegas, the company runs or owns the MGM National Harbor resort in Maryland, the MGM Springfield in Massachusetts, the MGM Grand Detroit, the Borgata in Atlantic City, the Gold Strike Casino Resort in Mississippi and the Yonkers Raceway and Empire City Casino in New York.

Questions remain 

Vinny Troia, founder of Night Lion Security, denied that the MGM data had been stolen from his company. 

Speaking to ZDNet, Troia claimed that his firm had “never owned a copy of the full MGM database and that the hackers are merely trying to ruin his company's reputation”.

In a statement given to ZDNet, MGM Resorts said it “was aware of the scope of this previously reported incident from last summer” and claimed that it “has already addressed the situation.”

The data breach took place last summer, and hackers were able to gain access to a cloud server and subsequently steal the personal information of 10.6 million guests, including high-profile figures such as Justin Bieber and Twitter boss Jack Dorsey.

As a result of the breach, the hackers stole sensitive information such as names, home addresses, emails, phone numbers and birth dates. While the hacker in question claims to have access to the data of 142 million people, the number of people affected by the breach may actually surpass 200 million. 

  • More: Stay anonymous and safer online with the best VPN
TOPICS

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!

Latest in Online Security
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
An FBI agent typing on a computer
FBI issues warning to millions of Americans to avoid these websites that can steal your passwords and banking info
How to delete TikTok
TikTok has rolled out a vital new security feature — here's how to use it
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Thursday, March 20 (#648)
A phone with the Plex logo in front of an out-of-focus background of movie posters
Yikes! Plex is getting a price hike and this key feature is going behind a pay wall
back of Iris Pixel 9a
Google Pixel 9a pre-orders delayed due to 'component quality issue' — here's when you can get one
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Sony A95K QD-OLED TV in front of windows in a living room
This new TV breakthrough looks like a game-changer for OLED TVs
Apple iPhone 16 & 16 Plus hands-on.
Forget USB-C — a truly portless iPhone just got the all-clear from the EU