A specialized media outlet, ZDNet, has been able to confirm that the consumer data breach of MMG Resorts International guests was much bigger than originally reported, with some 142 million hotel guests compromised. Thankfully, no financial information, reservation details or social security numbers were accessible to the hacker.
ZDNet Questions Real Numbers Behind MGM Resorts Leak
According to specialist media outlet ZDNet, hackers may have secured personal information of estimated 142 million hotel guests during the 2019 MGM Resorts International data breach. If the alleged number is true, this means that MGM Resorts underplayed the reported 10.6 million over 13 times.
ZDNet argued that their team has uncovered evidence of the stolen information at a cybercrime marketplace. It was claimed that hackers had 142,479,937 guest records, all of which were for sale for $2,939.76.
According to ZDNet, MGM has confirmed the size of the breach, but GamblingNews found no collaborating source. What we know for sure is that MGM Resorts posted information about the 10.6 million compromised accounts in February.
Citing ZDNet again, MGM Resorts spokesperson had reportedly this to say to the media outlet:
“MGM Resorts was aware of the scope of this previously reported incident from last summer and has already addressed the situation.”
MGM Resorts International spokesperson
MGM Resorts is now in the process of damage-mitigation and trying to notify all parties who may have been affected by the breach.
How Did the Breach Happen?
There is still some debate about how the breach occurred. According to the anonymous hacker who took responsibility for the attack, he or she was able to break into DataViper servers, which is a data leak monitoring service operated by Night Lion Security.
The claim was denied by Night Lion’s founder, Vinny Troia, who said that no such data breach occurred on the end of the company. Troia further added that he never had the data in the first place for it to be leaked.
However, the hacker had successfully secured 8,225 databases after going unnoticed on the DataViper’s servers for three months, providing proof in the form of various details about Instagram, eHarmony and Epic Games logins.
Troia argued that the hacker probably got into a test server and was only selling what data he or she had accessed previously, independently of any breach, and not something that was obtained as a result of poor security at Night Lion.
He issued a challenge to the hacker, reminding them that one of the reasons why Troia would allow anyone onto his own development environment was to obtain their IP.
Financial Information Still in Good Hands
While the data breach would have been a major blow to the reputation of the casino under different circumstances, MGM Resorts and Night Lion have not leaked any financial information, putting customers at ease.
Nevertheless, a prophylactic change of passwords where possible could not hurt. Meanwhile, affected consumers should know that their physical addresses, names and emails have been leaked, meaning they would need to be vigilant against phishing attacks.
ZDNet made sure that social security numbers, financial information, and reservation details weren’t part of the data. Experts have reminded that the chances of breaches going on that information alone are low, but using two-step authenticators and strong unique passwords were the safest and most meaningful way to protect sensitive data and information.