Hackers expose personal data of over 10mn MGM hotel guests

Fortnite game hackers earning over Rs 8.7 crore a year

San Francisco: Hackers compromised personal data of more than 10.6 million users — celebrities, tech CEOs and employees, reporters and government officials — who stayed at the MGM Resorts hotels in Las Vegas last summer, and dumped the data online on a hacking forum.

The leaked personal details include full names, home addresses, phone numbers, emails and dates of birth of high-profile guests, including Twitter CEO Jack Dorsey, pop star Justin Bieber and officials from the Department of Homeland Security (DHS) and the Transportation Security Administration (TSA), ZDNet reported on Thursday.

MGM Resorts hotels include Bellagio, Aria, MGM Grand, Mandalay Bay, Park MGM, Mirage, Luxor and Excalibur in Las Vegas and almost all of these are booked round the year for conferences, mostly related to technology.

ZDNet verified the authenticity of the data with MGM Resorts and it confirmed the incident occurred last year and affected guests were informed.

“We got confirmation from international business travellers, reporters attending tech conferences, CEOs attending business meetings, and government officials travelling to Las Vegas branches,” said the report.

An MGM spokesperson confirmed the data breach.

“Last summer, we discovered unauthorised access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter,’ the spokesperson was quoted as saying.

MGM Resorts hired two cybersecurity forensics firms to conduct an internal investigation into last year’s server exposure.

According to the hotel chain, it notified all impacted hotel guests in accordance with applicable state laws.

The leaked data is a treasure trove for contact details for many high-profile users, working for big tech firms and governments all over the world.

According to the report, these users are at a higher risk of receiving spear-phishing emails, and being SIM swapped.

In total, the MGM data dump contains personal details for 10,683,188 former hotel guests.