San Francisco: Touted as one of the biggest data breaches, hackers are now selling personal details of over 142 million guests, who stayed at the MGM Resorts hotels in Las Vegas, on the Dark Web for just $2,900 (nearly Rs 2.18 lakh).
The hacking came to light in February this year but at that time, the details involved 10.6 million users — celebrities, tech CEOs and employees, reporters and government officials — who stayed at the MGM properties in the casino capital in the US in 2019.
According to a ZDNet report, the new finding came to light after a hacker put up for sale the hotel’s data in an ad published on a dark web cybercrime marketplace.
“According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900,” said the report.
The hacker obtained the data after breaking into DataViper, a data leak monitoring service operated by Night Lion Security.
MGM Reports issued a statement, saying they were aware of the scope of the breach.
“MGM Resorts was aware of the scope of this previously reported incident from last summer and has already addressed the situation,” an MGM spokesperson was quoted as saying.
The leaked personal details included full names, home addresses, phone numbers, emails and dates of birth of high-profile guests, including Twitter CEO Jack Dorsey, pop-star Justin Bieber and officials from the Department of Homeland Security (DHS) and the Transportation Security Administration (TSA).
MGM Resorts hotels include Bellagio, Aria, MGM Grand, Mandalay Bay, Park MGM, Mirage, Luxor and Excalibur in Las Vegas.
MGM Resorts hired two cybersecurity forensics firms to conduct an internal investigation into last year’s server exposure.
According to the hotel chain, it notified all impacted hotel guests in accordance with applicable state laws.
The leaked data is a treasure trove for contact details for many high-profile users, working for big tech firms and governments all over the world.
According to the report, these users are at a higher risk of receiving spear-phishing emails, and being SIM swapped.