Over 10.6 million customer records associated with the MGM hotel group have been published on a popular online hacking forum this week according to a ZDNet report.
The online dump comes months later after the MGM Resorts hotel chain suffered a data breach in the summer of 2019. The list has 10,683,188 entries and contains information including guess names, home addresses, phone numbers, birth dates, and their periods of stays at the associated MGM properties.
Among the affected guests are high-profiled celebrities, journalists, tech industry experts and government officials. Let’s not forget that Las Vegas is the home of some of the world’s largest conferences including CES.
ZDNet independently confirmed the authenticity of the data set after reaching out to a number of guests on the exposed list. From their findings, the information is relatively old as the entries were only recorded up to the end of 2017, but many of the entries still turned out to be valid.
According to MGM, affected customers were contacted about the breach, and said no sensitive information was leaked.
“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts,” MGM told ZDNet.
“We are confident that no financial, payment card or password data was involved in this matter.”
The group also hired two security forensics teams to identify how the breach took place and what could be done to enhance their data protection measures.
At the time, the data set was only shared within a limited number of hacking circles, but this new leak exposes the information to a much wider audience.
Even though the recorded data may not be exactly sensitive given how easy it is to look up information online, it is still a treasure trove for online scammers who use social engineering and scare tactics to trick people into handing over more sensitive information and money.
SIM swapping is also a big problem as scammers could use the gathered information to pretend they are one of the affected customers, and report their phones as stolen, thus allowing them to have the numbers ported to new SIM cards. From there, they can then overcome the problem of getting into various types of online accounts that use cellphones as part of the two-factor authentication process.
MGM Resorts owns (and partly owns) a number of popular properties across the globe, with the majority of them being located in Las Vegas. Some of those properties include the MGM Grand, The Signature, New York-New York, Bellagio (leased), Mandalay Bay, Aria and Vdara.