142 million MGM guests exposed in data breach

A hacker has put the information of more than 142 million MGM hotel guests up for sale on a cybercrime marketplace. MGM Resorts suffered a data breach in summer 2019, but the breach wasn’t reported until February when roughly 10.6 million guests’ data were available for download on a hacking forum.

According to ZDNet, an MGM spokesperson said most of the data included contact information, such as names, addresses, and emails; birth dates and phone numbers were also included. Financial information, Social Security numbers and IDs were not compromised.

“The hacker claims to have obtained the hotel’s data after they breached Data Viper, a data leak monitoring service operated by Night Lion Security,” ZDNet reported. Data Viper advertises itself as a “threat actor intelligence research & brand monitoring platform for investigators and law enforcement.”

A separate report from KrebsOnSecurity Monday revealed that Data Viper, which provides access to roughly 15 billion usernames, passwords, and other information exposed in more than 8,000 website breaches, had been hacked and its user database posted online. Krebs reported that while some of Data Viper’s data is from publicly-disclosed breaches, it also collects private and undisclosed breach data.

 

continue reading »