• About
  • Advertise
  • Careers
  • Contact
Monday, February 6, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Data Breach

MGM admits to 2019 data breach affecting 10.6 million customers

by Cyber360 News
February 21, 2020
in Data Breach
0
MGM admits to 2019 data breach affecting 10.6 million customers
0
SHARES
3
VIEWS
Share on FacebookShare on Twitter

MGM Resorts has
confirmed there was unauthorized access to one of the company’s cloud servers in
2019 that contained information on a reported 10.6 million guests, possibly
including several high-profile guests.

MGM did not confirm the
number of people involved, but ZD
Net
working with the new security firm Under
the Breach
reportedly found data on 10,683,188 that SC Media was able to confirm included full
names, home addresses, phone numbers, emails, and dates of birth, posted to a hacking
forum.

“Last summer, we
discovered unauthorized access to a cloud server that contained a limited
amount of information for certain previous guests of MGM Resorts. We are
confident that no financial, payment card or password data was involved in this
matter,” MGM Resorts told SC Media in a statement.

The company believes no financial data or passwords were included in the data dump, adding it has informed the customers involved.

However, Ray Walsh, data
privacy advocate at ProPrivacy, said some customers did have more sensitive
data exposed.

“MGM Resorts has claimed
that no financial, card payments or passwords were stolen during the breach.
However, it would appear that at least 1,300 individuals had extremely
sensitive data stolen during the incident – including personal information from
their driver’s license, passport, and even military ID cards,” he said.

The company did not say
exactly how or why the cloud server was exposed, but Matt Walmsley, EMEA
Director at Vectra, believes is likely one of the normal causes behind such
breaches.

“MGM has acknowledged a
cloud ‘server exposure’. This could have easily been caused from poor cloud
configuration and security hygiene, or from offensive attacker behaviors. As
practitioners, we need to stop treating cloud separately from a security
perspective,” he said.

MGM Resorts said it promptly
notified guests potentially impacted by this incident in accordance with
applicable state laws, retained two cybersecurity forensics firms to assist
with its internal investigation, review and remediation of the issue.

The fact that the breach
happened about seven months ago without any public disclosure may have led MGM
to believe the data was not going to be used by the thieves, but as with many breaches
malicious actors sometimes wait months or years to tip their hand, said Adam
Laub, CMO, STEALTHbits Technologies:

“This is a great example
of how these breaches and their fallout can continue to haunt businesses for
quite some time. It’s likely MGM thought this incident was far in the rear
view, but the value of their particular dataset continues to have appeal,
despite its age and the potential staleness in certain spots,” Laub said.

Hotel chains and travel
companies were major targets for cybercrimials in 2019 with several being hit
with Magecart card skimming malware and others suffering from exposed cloud servers
like MGM Resorts.

  • Choice
    Hotels
    in August 2019 had an open MongoDB database discovered with information
    on 700,000 customers being taken and then held for ransom.
  • Two unnamed hotel
    chains
    discovered Magecart on their third-party online booking software.
  • In May 2019
    it was found the Pyramid
    Hotel Group
    stored security info on openly accessible Elasticsearch server
    with 85.4GB of data.
  • A bug in the
    Amadeus
    online reservation system which is used by 44 percent of the international air carrier
    market made it possible to access and change reservations with just a booking
    number.
Cyber360 News

Cyber360 News

Next Post
123456 was the most used passwords in 2019.

123456 was the most used passwords in 2019.

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In