Hackers are trying to sell the data of 142 million MGM hotel guests on the dark web, for about $ 2,900 in Bitcoin or Monero.
According to the portal ZDNet, the information is from a 2019 data leak, which MGM Resorts initially believed to have reached ‘just’ 10.6 million guests, as hackers posted a small sample of the available data for download.
Concrete figures at the moment
The new discovery, that a total of 142,479,937 guests had their data compromised, came after a hacker posted an ad to sell the information on a market in the dark web. The hacker claims to have accessed the information after a data leak from the monitoring service DataViper, which is operated by Night Lion Security.
The company’s founder, Vinny Troia, told the ZDNet portal that the company never owned any complete copy of the MGM database and that hackers were trying to ruin its reputation with such claims.
MGM hotels learned about the security problem last year, but did not make it public. Instead, they only notified the impacted customers.
Buy Bitcoin at Coinext
Buy Bitcoin and other cryptocurrencies at the safest broker in Brazil.
Register and see how simple it is, visit: coinext.com.br
Speaking to the ZDNet portal, a spokesman for MGM hotels said:
The MGM network was aware of the scope of this incident, which was reported last summer, and has already taken appropriate action.
The spokesman also added that most of the data consisted of “contractual information such as names, postal addresses, and email addresses.” Social Security numbers, reservation data and other financial information have not been accessed, according to the MGM network.
The situation can be even more serious
Irina Nesterovsky, Head of Research at KELA – a digital threat intelligence company – mentioned that hotel data has been on sale in private hacking groups since at least July 2019. Moreover, according to her, the situation could be even worse , as posts in Russian-speaking forums claim to have information on 200 million guests.
For now, it is only clear that the hacker who owns the data is trying to pass it on for $ 2,900, a deal being done via BTC or XMR in an undisclosed marketplace at dark web.