MGM Resorts was the victim of a hacking attack last year, which compromised the personal data of 10.6 million of its guests. The attack took place last summer, and the company promptly notified the affected guests once it became aware of the breach.
The incident has resurfaced in the news now because data from the breach has been published on a popular hacking forum. The data dump includes the personal information of tourists and other guests, including tech workers, celebrities, journalists and other high-profile individuals.
What Does the Breach Mean for You?
The dump includes the information of 10,683,188 guests. If you have ever been a customer of MGM Resorts, there is a high chance that your details are included in the list. It is considered best practice for companies to store credit card information in an encrypted format, separately from any other information about the guest, so that in the event of a breach the risk of immediate financial loss is low. However, the hackers did get their hands on a significant amount of information about the individuals in the database, including:
- Full Name
- Date of Birth
- Home Address
- Phone Number
The information came from an attack that breached one of the company’s cloud servers. The attack was spotted and the breach resolved promptly, and the security team at the hotel has confirmed that no financial data or passwords were acquired in the attack.
The information that was collected, however, may be enough for attackers to commit identity theft or to attempt password resets on other services. The data acquired is old, appearing to date back to 2017, but if the emails and mobile phone numbers included in the dump are still accurate, the information could be used for SIM swap attacks and spear phishing.
The Human Element of Security
Today, a lot of hacking attacks do not target the computer systems themselves, but rather the humans that use them. This is because most computer systems are at least superficially secure. Instead of struggling to find a vulnerability in an unknown computer system that is well set up and runs software that has had most security holes patched already, why would an attacker not just ask the user for access to it? It’s a tactic that works disturbingly often.
Attacks such as spear phishing work by sending an email to a user and making it look like the email is from a trusted source, in this case MGM Resorts. Many people, when presented with an email from someone who knows their name and some other personal information, will trust that email and do as they are requested.
The end-user is the weakest link in many computer systems, and that’s why we offer training to help people avoid such attacks. Hook Security’s Phishing Testing & Cyber Security Awareness Training helps employers and their employees understand the most common risk factors, and explains simple but effective ways of identifying attacks and avoiding them. Contact us today to learn more or enroll in a course.
Source Article: https://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/