Las Vegas is one of the most luxurious hotels and attractions in the world, and living in the Strip can sometimes come with a hefty price tag. So what happens when a data breach hits one of these luxury destinations and leaks personal details to your high-rolling guests?
Well, there’s a disaster you created, all of this. In February, MGM Resorts announced that it had suffered a huge data leak in the summer of 2019 that included guest names, addresses and other personally identifiable information.
But now, new evidence has emerged that shows that the data breach was much more than initially thought. As previously reported, instead of facing about 10 million guests, leaks seem to indicate that more than 100 million guests are now at risk. Here’s what we know, and what you can do if you’re at MGM Resort.
MGM data breach worsens
According to an exclusive report from Zedinet, the chances of last year’s MGM Resorts data breach appear to be much higher than before. It is estimated that more than 142 million guests are now involved in this violation, who are now 10 times more at risk of identity theft!
How do we know that the amount has increased? Evidence of where the most infringing data ends has emerged: Dark Web Marketplace. In a popular hacker forum, a user posted a list for hotel data, which allegedly contained details of 142,479,937 guests. And to make matters worse, you can buy all this data for a little more than Rhythm 2,900 for a change in a list price!
The hackers who posted it also claimed that they got the data by attacking Data wiper, a leaked monitoring service contracted by MGM Resorts. To protect itself, Data wiper’s parent company claims that the amount of guest data is false, and that hackers are trying to discredit its company.
Regardless of who is at fault, MGM warns guests at risk of breach to take all necessary precautions for their own safety. And keep in mind that MGM has many features.
Fortunately, the leaked material did not include any payment information or financial data, a MGM spokesperson commented, adding that most of the data contained “contact information such as name, postal address and email address”.
Still, we still don’t know the exact scope of the information. Users of the Russian hacker forum discussed a breach involving nearly 200 million guests, security researchers who spoke to Intel firm KELA’s ZDNet. We will update this story as more information comes.
Another breach of concern: Live auctioneer leaked
MGME is not the only company that has recently suffered a significant breach. Popular e-commerce platform Live Auctioneers was included in an online data catalogue with a total of 3.4 million stolen user records, as reported by Bleeping Computer.
Similar to MGM, the data of live auctioneers to buy from other hackers was posted on a dark web forum. The data involved was mostly similar to MGM leaks, but also included two major differences: passwords and social media profiles.
If you used Live Auctioneer last year, you may be at risk of compromise. If you share your password across multiple platforms, it doubles.
What can I do to protect myself from this violation?
You can take steps to check if your data is involved, as well as protect yourself if you are part of a leak.
To check if your data is involved in this leak (or many more, about that), visit Have I Been Pwned. This website will allow you to enter your email address to check if your account has been covered for recent violations.
If you are affected by a data breach, you should change your email password immediately. If you share that password with another online account, hackers have a good chance of attacking you across the web.
You may want to set up two-factor authentication for all your frequently used accounts. Click or click here to see how to set up 2FA.
Ultimately, it’s up to us to take our security seriously, as well as to change our passwords frequently. As data breaches have become more common, it is wise to keep your eyes open and avoid slipping into false sense of security. If you are proactive, you will do more to protect your data than to wait for the next major breach.