The personal details of over 10.6 million guests who stayed at MGM Resorts hotels was published on a hacking forum this week. The leaked data includes details of regular tourists and travelers, personal and contact details for celebrities, tech CEOs, reporters, government officials, and staffs of some of the world’s largest tech companies.
The personal details of 10,683,188 former hotel guests were reported to be exposed and it includes details like full names, home addresses, phone numbers, emails, and dates of birth.
The data breach was confirmed by a spokesperson for MGM Resorts and according to him the data that was shared online this week is from a security incident that took place last year.
It was last summer where the hotel chain found unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts.
They assure that no financial, payment card or password data was involved in this matter. All the affected hotel guests were notified by the hotel chain in accordance with applicable state laws.
MGM Resorts also retained two cybersecurity forensics firms to conduct an internal investigation into last year’s server exposure.
They confirm that they have strengthened and enhanced the security of their network to prevent any occurrence of this kind in the future.
Head of Research at threat intel firm KELA, Irina Nesterovsky stated that the data of MGM Resorts hotel guests had been shared in some closed-circle hacking forums since at least July, last year. The hacker behind this is believed to be associated or a member of GnosticPlayers, a hacking group that has dumped more than one billion user records throughout 2019.