142 Million Guests: Hackers Attempt to Sell MGM Grand Data Dump for Cryptocurrency
July 19th, 2020
Last year the giant resort firm MGM Grand was hacked and the cybercriminals ostensibly obtained a massive dump of names, addresses, phone numbers, and dates of birth. Now according to vendors on the deep web, hackers have been trying to sell the data dump for Monero or bitcoin. The hackers claim the dump has over 142 million MGM Grand guests’ information.
A recent report details that hackers have been trying to unload a large data dump with information on an alleged 142 million MGM Grand hotel guests.
The hackers have been attempting to sell the data on darknet markets for roughly $2,939 worth of bitcoin (BTC) or monero (XMR). The report initially stemmed from Zdnet and it was assumed last year that the hackers only obtained information concerning 10 million guests in 2019.
The sellers now claim there is data for approximately 142,479,937 MGM Grand hotel guests. However, the security group who monitored MGM Grand’s data says the hackers may be lying about how much information they actually stole.
Night Lion Security founder, Vinny Troia, told the columnist Catalin Cimpanu via email correspondence that the company did not own or manage MGM’s full database. A spokesperson from MGM Grand responded to an email from Cimpanu as well and stated:
MGM Resorts was aware of the scope of this previously reported incident from last summer and has already addressed the situation. The vast majority of data consisted of contact information like names, postal addresses, and email addresses.
When the data leak was revealed to the public, it was also discovered that the list of guests included a number of high-profile people and celebrities like the pop singer Justin Bieber and Twitter founder Jack Dorsey.
The hackers did publish a free sample, so the public could see that the attacker’s claims were seemingly legitimate. MGM Grand maintains that hotel stay details, Social Security numbers, and other types of financial data were not taken.
This isn’t the first time the MGM Grand data has made waves on the web. ZDNet discussed the situation with the Head of Research at the intel firm KELA, Irina Nesterovsky, about the subject when the media discovered the leak in February 2019.
Nesterovsky claimed at the time that the data dump was previously sold to “private hacking circles since at least July 2019.” Moreover, the posts that surfaced in Russia allegedly assert there was data on over 200 million MGM Guests.
Nesterovsky’s claims suggest that the data dump might be being separated into parts and then sold for cryptocurrency.