Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Hackers expose personal details of 10 million MGM hotel guests

A major security breach has hit MGM Resorts hotels after the personal details of 10.6 million guests were posted on a hacking forum this week.

The stolen data belongs not only to regular tourists but also to celebrities, tech CEOs, and government officials — among them Twitter CEO Jack Dorsey and Canadian singer Justin Bieber.

The hack, which has been confirmed by MGM Resorts, was first reported by ZDNet following a tip-off from Under the Breach, a soon-to-launch data breach monitoring service.

Leaked files contain the personal details of 10,683,188 former hotel guests, including full names, home addresses, phone numbers, emails, and dates of birth. In an emailed statement to Digital Trends, a spokesperson for MGM Resorts said its team is “confident that no financial, payment card or password data was involved in this matter.”

The company said that it discovered the breach in the summer of 2019. While it has apparently made no public statement about the incident until now, it said that at the time, it contacted guests who may have been affected. It also hired two leading cybersecurity forensics firms to assist with an internal investigation into the incident.

ZDNet said that its own research suggests that none of the data corresponds with guests who made their first booking at an MGM Resorts hotel after 2017.

MGM Resorts isn’t the first hotel group to be targeted by hackers, with Mandarin Oriental and Trump Hotels among others to be hit in recent years. The biggest hotel-related breach, however, affected hundreds of millions of Marriott guests after cybercriminals stole their personal information over a period of several years before the hack was spotted in 2018.

Cybercriminals who succeed in stealing personal data may attempt to sell it via illicit hacking forums, with buyers hoping to use financial data for online shopping sprees or to withdraw money from bank accounts. MGM Resorts said customers’ payment data is safe, but the stolen information in this case could leave victims vulnerable to phishing attacks, SIM swap fraud, and other scams.

MGM Resorts told Digital Trends it takes its responsibility to protect guest data “very seriously,” adding that it has “strengthened and enhanced the security of our network to prevent this from happening again.”

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Wawa data breach: Hacker is selling 30 million credit cards on the dark web
wallet with cash and cards

Credit card data from a security breach that affected an East Coast convenience store chain last year was discovered being sold in the corners of the dark web this week. The amount of data stolen makes it the third-largest credit card breach in history.

Wawa convenience stores announced the attempts to sell the data in a news release on January 28. According to the Gemini Advisory Board, a company that identifies cyberthreats, the credit card information was found on the website called Joker’s Stash marketplace and exposed customer data from 30 million cards. 

Read more
Adobe left millions of Creative Cloud user records exposed online
A hacker inputting code into a system.

Adobe Creative Cloud subscribers are being warned to keep a look out for phishing emails after it was discovered that data belonging to more than seven million accounts remained exposed online for about a week.

Adobe Creative Cloud is a suite of applications that subscribers pay a monthly fee to use. It includes Photoshop, Lightroom, Premiere Rush, Premier Pro, and Illustrator, among other software.

Read more
Massive Words with Friends hack exposes 218 million account login details

A hacker has claimed responsibility for a massive breach of the popular mobile game Words With Friends, saying more than 218 million account logins and associated data have been stolen. The hacker, known as Gnosticplayers, told The Hacker News the data comes from Android and iOS versions of the game, and includes everything from names and email addresses, to hashed passwords, phone numbers, and Facebook identification.

Words With Friends developer Zynga released a statement on September 12 regarding a cyberattack, but did not go into the extent of the hack or the numbers involved. It set about reassuring players that it did not believe any financial information had been accessed, but that account login information had. Zynga said it had, “taken steps to protect these users accounts from invalid logins,” and that following further investigation players would be notified of any concerns.

Read more