NightLion hacker is selling details of 142 million MGM Resorts hotel guests

The MGM Resorts 2019 data breach is much larger than initially thought, a hacker is offering for sale details of 142 million MGM hotel guests on the dark web.

Bad news for the guests of the MGM Resorts, the 2019 data breach suffered by the company is much larger than initially reported.

A credible actor is selling details of 142 million MGM hotel guests on the dark web, the news was reported in exclusive by ZDNet.

In February, ZDNet revealed in exclusive that the personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week.

The list of customers whose data were stolen includes celebrities, tech CEOs, reporters (i.e. Twitter CEO Jack Dorsey, Justin Bieber), government officials, and employees at some of the major tech companies.

The huge trove of data contains personal details for 10,683,188 former hotel guests, including full names, home addresses, phone numbers, emails, and dates of birth.

MGM Resorts Dump (source ZDNet)

At the time, ZDNet validated the authenticity of the data contacting past guests of the hotel, including international business travelers, reporters attending tech conferences and CEOs attending business meetings.

“The new finding came to light over the weekend after a hacker put up for sale the hotel’s data in an ad published on a dark web cybercrime marketplace.” reported ZDNet.

The hacker is attempting to sell the huge trove of data, details for 142,479,937 MGM hotel guests, for over $2,900.

The hacker claims to have obtained the database from the hack of the DataViper monitoring service operated by the security firm Night Lion Security. However, the company denies having had the full MGM database in its archives and insists that someone is attempting to ruin the reputation of the cybersecurity firm.

In February, the MGM Resorts chain confirmed it already notified all impacted hotel guests and reported the incident to the authorities.

According to MGM Resorts, the data was old, none of the customers in the archive stayed at the hotel past 2017. The company excluded that hackers have stolen financial and payment card data or passwords.

ZDNet speculates the MGM data breach could be even bigger than the 142 million, some posts on Russian-speaking hacking forums were advertising MGM dump containing details on more than 200 million hotel guests.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.