In 2019, a data breach was reported by MGM Resorts, however, it seems that it is much more serious than previously thought. Now, the personal data of the guests are sold on the Dark Web.
For those who have never heard of MGM Resorts, it is an American hospitality and entertainment company that operates in different destinations such as Las Vegas, Detroit, New Jersey, among others.
However, last year a possible leak of private data from their guests was reported. The point now is that it seems that the leak was much more serious than previously thought.
142 million personal data on the Dark Web
Investigators have recently reported that they found 142 million personal data of former guests of the MGM Resorts hotel chain for sale on the Dark Web.
“Currently, a hacker is selling details of 142 million MGM hotel guests in a cybercrime market on the Dark Web.”Catalin Cimpanu’s tweet noted.
To be more specific, according to the report published by ZDNet, an advertisement was found where 142,479,937 details of the guests of “MGM Grand Hotels” are sold for a strangely specific price of $ 2,939.
Likewise, it is important to note that the payment of the information will be made in Bitcoin or in Monero, both cryptocurrencies commonly used on the Dark Web.
You are probably wondering, “How was this possible?” It turns out that the hacker appears to have reported that he obtained the data of hotel guests after breaching DataViper, a data leakage monitoring service operated by Night Lion Security.
However, according to the ZDNet report, Night Lion Security claims to have never had a copy of MGM’s customer database. Accordingly, the firm alleges that hackers want to ruin the company’s reputation with the hotel chain.
The main concern right now is that there is a possibility that they would collect more data than we know now.
In other words, hackers could have more than the 142 million data currently sold on the Dark Web. And, the main reason why the magnitude of the event is not known is because MGM has not offered more details.
In fact, it was in February of this year that it was learned that the gap had occurred and it was not thanks to the hotel chain. The information was released after a free download of 10.6 million hotel guest data was found on a hacker forum.
Subsequently, MGM admitted having suffered a security breach, but never indicated the magnitude of the breach.
The MGM Resorts ensures that the affected clients were notified of the event. Likewise, the stolen information does not include financial information or identification or social security numbers.
The news comes as a reminder of the amount of private information we offer every day. Not to mention how easy it seems to be to steal it.