Skip to main content
  1. Home
  2. Computing
  3. News

Hackers expose personal details of 10 million MGM hotel guests

Trevor Mogg
By

A major security breach has hit MGM Resorts hotels after the personal details of 10.6 million guests were posted on a hacking forum this week.

The stolen data belongs not only to regular tourists but also to celebrities, tech CEOs, and government officials — among them Twitter CEO Jack Dorsey and Canadian singer Justin Bieber.

The hack, which has been confirmed by MGM Resorts, was first reported by ZDNet following a tip-off from Under the Breach, a soon-to-launch data breach monitoring service.

Leaked files contain the personal details of 10,683,188 former hotel guests, including full names, home addresses, phone numbers, emails, and dates of birth. In an emailed statement to Digital Trends, a spokesperson for MGM Resorts said its team is “confident that no financial, payment card or password data was involved in this matter.”

The company said that it discovered the breach in the summer of 2019. While it has apparently made no public statement about the incident until now, it said that at the time, it contacted guests who may have been affected. It also hired two leading cybersecurity forensics firms to assist with an internal investigation into the incident.

ZDNet said that its own research suggests that none of the data corresponds with guests who made their first booking at an MGM Resorts hotel after 2017.

MGM Resorts isn’t the first hotel group to be targeted by hackers, with Mandarin Oriental and Trump Hotels among others to be hit in recent years. The biggest hotel-related breach, however, affected hundreds of millions of Marriott guests after cybercriminals stole their personal information over a period of several years before the hack was spotted in 2018.

Cybercriminals who succeed in stealing personal data may attempt to sell it via illicit hacking forums, with buyers hoping to use financial data for online shopping sprees or to withdraw money from bank accounts. MGM Resorts said customers’ payment data is safe, but the stolen information in this case could leave victims vulnerable to phishing attacks, SIM swap fraud, and other scams.

MGM Resorts told Digital Trends it takes its responsibility to protect guest data “very seriously,” adding that it has “strengthened and enhanced the security of our network to prevent this from happening again.”

Editors' Recommendations

Topics
Hackers may be hiding in plain sight on your favorite website
A depiction of a hacked computer sitting in an office full of PCs.
Online payment fraud has doubled over the past seven years
A person holding a ThinkPad Nano X1 Gen 2 laptop in front of a window.
Hackers found a way to access Gmail, Outlook, and Yahoo inboxes
how why email inbox to do app gmail
Hackers are using cookies to sidestep two-factor authentication
A large monitor displaying a security hacking breach warning.
A NordVPN 2-year plan is 63% off for the rest of today
Cartoon man sitting at a desk with secure images around him.
This HP laptop is typically $1,800, but right now it’s just $629
The HP ProBook 445 G8 with a task menu open.
The best cheap printers for 2023
Canon PIXMA TS6420a.
The best 15-inch laptops for 2023
Dell XPS 15 9520 front view showing display and keyboard deck.
The best mini-LED laptops for 2023
Gigabyte Aero 16 laptop sitting on a table.
The best mesh Wi-Fi systems for 2023
modem vs. router
The best Mac webcams for 2023
The Logitech Brio 4K Pro attached to a Macbook.
The best external hard drives for 2023
Seagate Backup Plus Ultra Slim 2TB HD box.
The best touchscreen monitors in 2023
Woman using ASUS VT229H touchscreen.