Home addresses, phone numbers and emails of more than 10MILLION MGM Resorts guests leaked online – with Justin Bieber and Twitter CEO Jack Dorsey among the victims
- A breach in July of 2019 saw personal information of guests posted online
- MGM was made aware of the leak and informed its guests in August 2019
- The data was dumped on a popular-but-unnamed hacking forum this week
- No passwords or financial information was involved in the leak, MGM says
More than ten million former guests of MGM Resorts had their personal data stolen and posted online by hackers as part of a huge data breach.
A report found personal information belonging to Justin Bieber, Twitter CEO Jack Dorsey and a number of government officials among those on the site.
The leak happened last summer and saw home addresses, phone numbers, emails and dates of birth exposed.
No financial, payment card or password data was involved in the incident and the guests affected were notified, according to the statement.
MGM Resorts, which has resorts in Detroit, Mississippi, Maryland, and New Jersey as well as the famous Bellagio, Mandalay Bay, MGM Grand and The Mirage, confirmed the breach in statement.
Scroll down for video
MGM Resorts, which has resorts in Detroit, Mississippi, Maryland, and New Jersey as well as the famous Bellagio, Mandalay Bay, MGM Grand and The Mirage, confirmed the breach in statement
‘Last summer, we discovered unauthorised access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts’, a company spokesman said.
Technology site ZDNet first reported the breach and recruited a cybersecurity expert to confirm the findings,
Journalists at the digital news site reached out to former guests to confirm their details matched what was found online.
Jake Moore, Cybersecurity Specialist at ESET, told MailOnline: ‘This sort of data is a honey pot for cyber criminals.
‘When personal information such as this is leaked it becomes very sought-after, especially when it includes contact details for a number of high profile users such as celebrities.
‘All the users on this list should now be concerned about the increased risk of further attacks such as targeted phishing emails, or worse still, falling victim to SIM swapping.
‘This is when cyber criminals use social engineering to manipulate mobile network providers into porting your phone number to a new SIM.
‘Attackers can then change two-factor authentication (2FA) codes and get into online accounts bypassing passwords.’
A report found personal information belonging to Justin Bieber, Twitter CEO Jack Dorsey (pictured) and a number of government officials among those on the site
More than ten million customers of MGM Resorts had their personal data posted online as part of a huge data breach. A report found information belonging to Justin Bieber, Twitter CEO Jack Dorsey and a number of government officials on the site
After successfully verifying the information, MGM was made aware of the breach.
MGM then confirmed the data, and customers were reportedly notified in August 2019.
The information was not made public until this week, when the personal information 10,683,188 former hotel guests was posted on a popular hacking forum.
A spokesperson said in a statement: ‘Last summer, we discovered unauthorised access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts.
‘We are confident that no financial, payment card or password data was involved in this matter.
‘MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws.’