The personal details of more than 10.6 million guests who stayed at MGM Resorts hotels were published on a hacking forum.
According to a ZDNet report, the leaked files contain details for regular tourists and travelers and also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world's largest tech companies.
ZDNet verified the authenticity of the data today, together with a security researcher from Under the Breach, a soon-to-be-launched data breach monitoring service. A spokesperson for MGM Resorts confirmed the incident via email.
ZDNet's analysis reveals that the shared MGM data dump contains personal details for 10,683,188 former hotel guests. The leaked files expose personal details such as full names, home addresses, phone numbers, emails, and dates of birth. ZDNet reached out to past guests and confirmed that they had stayed at the hotel, the timeline of their stays, and the accuracy of the data included in the leaked files. It received confirmation from international business travelers, reporters attending tech conferences, CEOs attending business meetings, and government officials traveling to Las Vegas branches.
An MGM spokesperson told ZDNet the data that was shared online this week stems from a security incident that took place last year. "Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts," MGM told ZDNet. "We are confident that no financial, payment card or password data was involved in this matter."
Matt Walmsley, EMEA Director at Vectra, says, "MGM has acknowledged a cloud 'server exposure'. This could have easily been caused from poor cloud configuration and security hygiene, or from offensive attacker behaviors. As practitioners, we need to stop treating cloud separately from a security perspective."
"As organizations increasingly use the cloud to underpin digital transformation, it is critical that security operations teams have the ability to pervasively detect and respond to attacks and unauthorized access wherever they happen," says Walmsley. "Attackers don’t operate in silos of local mobile, network, data centres, or cloud - neither should our security capabilities."