Bad news for the guests of the MGM Resorts, the 2019 data breach suffered by the company is much larger than initially reported.
In February, ZDNet revealed in exclusive that the personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week.
The list of customers whose data were stolen includes celebrities, tech CEOs, reporters (i.e. Twitter CEO Jack Dorsey, Justin Bieber), government officials, and employees at some of the major tech companies.
The huge trove of data contains personal details for 10,683,188 former hotel guests, including full names, home addresses, phone numbers, emails, and dates of birth.
At the time, ZDNet validated the authenticity of the data contacting past guests of the hotel, including international business travelers, reporters attending tech conferences and CEOs attending business meetings.
“The new finding came to light over the weekend after a hacker put up for sale the hotel’s data in an ad published on a dark web cybercrime marketplace.” reported ZDNet.
The hacker is attempting to sell the huge trove of data, details for 142,479,937 MGM hotel guests, for over $2,900.
The hacker claims to have obtained the database from the hack of the DataViper monitoring service operated by the security firm Night Lion Security. However, the company denies having had the full MGM database in its archives and insists that someone is attempting to ruin the reputation of the cybersecurity firm.
In February, the MGM Resorts chain confirmed it already notified all impacted hotel guests and reported the incident to the authorities.
According to MGM Resorts, the data was old, none of the customers in the archive stayed at the hotel past 2017. The company excluded that hackers have stolen financial and payment card data or passwords.
ZDNet speculates the MGM data breach could be even bigger than the 142 million, some posts on Russian-speaking hacking forums were advertising MGM dump containing details on more than 200 million hotel guests.
(SecurityAffairs – hacking, data breach)