Home addresses, phone numbers and emails of more than 10MILLION MGM Resorts guests leaked online – with Justin Bieber and Twitter CEO Jack Dorsey among the victims
- A breach in July of 2019 saw personal information of guests posted online
- MGM was made aware of the leak and informed its guests in August 2019
- The data was dumped on a popular-but-unnamed hacking forum this week
- No passwords or financial information was involved in the leak, MGM says
More than ten million former guests of MGM Resorts had their personal data stolen and posted online by hackers as part of a huge data breach.
A report found personal information belonging to Justin Bieber, Twitter CEO Jack Dorsey and a number of government officials among those on the site.
The leak happened last summer and saw home addresses, phone numbers, emails and dates of birth exposed.
No financial, payment card or password data was involved in the incident and the guests affected were notified, according to the statement.
MGM Resorts, which has resorts in Detroit, Mississippi, Maryland, and New Jersey as well as the famous Bellagio, Mandalay Bay, MGM Grand and The Mirage, confirmed the breach in statement.
Scroll down for video
MGM Resorts, which has resorts in Detroit, Mississippi, Maryland, and New Jersey as well as the famous Bellagio, Mandalay Bay, MGM Grand and The Mirage, confirmed the breach in statement
‘Last summer, we discovered unauthorised access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts’, a company spokesman said.
Technology site ZDNet first reported the breach and recruited a cybersecurity expert to confirm the findings,
Journalists at the digital news site reached out to former guests to confirm their details matched what was found online.
Jake Moore, Cybersecurity Specialist at ESET, told MailOnline: ‘This sort of data is a honey pot for cyber criminals.
‘When personal information such as this is leaked it becomes very sought-after, especially when it includes contact details for a number of high profile users such as celebrities.
‘All the users on this list should now be concerned about the increased risk of further attacks such as targeted phishing emails, or worse still, falling victim to SIM swapping.
‘This is when cyber criminals use social engineering to manipulate mobile network providers into porting your phone number to a new SIM.
‘Attackers can then change two-factor authentication (2FA) codes and get into online accounts bypassing passwords.’
After successfully verifying the information, MGM was made aware of the breach.
MGM then confirmed the data, and customers were reportedly notified in August 2019.
The information was not made public until this week, when the personal information 10,683,188 former hotel guests was posted on a popular hacking forum.
A spokesperson said in a statement: ‘Last summer, we discovered unauthorised access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts.
‘We are confident that no financial, payment card or password data was involved in this matter.
‘MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws.’
HOW TO CHECK IF YOUR EMAIL ADDRESS IS COMPROMISED
Have I Been Pwned?
Cybersecurity expert and Microsoft regional director Tory Hunt runs ‘Have I Been Pwned’.
The website lets you check whether your email has been compromised as part of any of the data breaches that have happened.
If your email address pops up you should change your password.
Pwned Passwords
To check if your password may have been exposed in a previous data breach, go to the site’s homepage and enter your email address.
The search tool will check it against the details of historical data breaches that made this information publicly visible.
If your password does pop up, you’re likely at a greater risk of being exposed to hack attacks, fraud and other cybercrimes.
Mr Hunt built the site to help people check whether or not the password they’d like to use was on a list of known breached passwords.
The site does not store your password next to any personally identifiable data and every password is encrypted
Other Safety Tips
Hunt provides three easy-to-follow steps for better online security. First, he recommends using a password manager, such as 1Password, to create and save unique passwords for each service you use.
Next, enable two-factor authentication. Lastly, keep abreast of any breaches
Source: Read Full Article