MGM database was among the list of databases stolen by NightLion hacker after breaching breach monitoring site DataViper.
In February 2020, Hackread.com reported a data breach targeted against MGM Resorts, in which over 10.6 million of its customers were affected. At that time, the data also contained information on guests like Justin Bieber and Twitter’s Jack Dorsey.
However, as per the latest reports, the number of affected users is way higher than this. Reportedly, around 142 million customers could have been affected by the breach as it has been discovered that a hacker is selling a large database of MGM Resorts customers.
The hacker has put up for sale around 142, 479, 937 records on sale on a prominent dark web marketplace for $2,939. All the records belong to MGM hotel guests.
It all started in 2019 when a hacker managed to infiltrate MGM’s cloud servers and hacked information of its hospitality company’s customer listings. At the time, MGM claimed that the data belongs to past customers, and didn’t contain sensitive details like financial information or Social Security Numbers.
However, ZDNet states that they were notified about the hacker selling MGM database on Russian hacking forums by KELA threat research firm. In the listing, the hacker claims to have records of over 200 million MGM customers.
Furthermore, it revealed that the data was acquired by targeting a data leak monitoring service called DataViper, operated by Night Lion Security. However, the company’s founder Vinny Troia denied any involvement claiming that Night Lion Security never had access to MGM’s full database.
According to previous reports, the leaked data contained personal details of guests who stayed at the resorts, including names, phone numbers, postal addresses, and email IDs. However, now researchers opine that the database may include data from MGM Grand Hotel’s data leak and MGM Resorts’ records.
MGM claims to be already aware of the data breach’s scope and has resolved the issue as well, but didn’t confirm the number of affected customers. Although MGM notified affected customers, the company never publicly disclosed the scope of the data breach.