Back in February 2020, it was reported that 10.6 million MGM Grand Hotels guests’ records had been breached. However, it appears that the number of stolen records may have been much larger than that. Recently, a post on a Darknet marketplace was offering more than 142 million records related to MGM guests for a price of around $2,900 USD. A note on the site also claims that the information came from a breach of DataViper.io, but that was quickly debunked after ZDNet reached out to Vinny Troia who owns the company Night Lion Security, which operates the DataViper data breach tracking service. MGM was contacted for comments after the new reports were made and they released a statement verifying that they knew the scope of the breach. The included information consisted of names, phone numbers, email addresses, personal addresses, and DOBs, which is the same as what was reported in February. Some reports have even come to light that claim there are even more than 142 million records. Posts on some Russian speaking hacking sites state that there are more than 200 million records offered for sale. None of the offered breach datasets includes any financial information or credit card numbers, but guest names, dates of birth, telephone numbers and email addresses are included.
Affected users should have been contacted by MGM. However, targeted phishing attempts may continue to occur as the data keeps being redistributed. It is best for users not to open emails from unknown senders. Any email or text message claiming to be from MGM or any other outlet with promotional offers should be verified first before any interaction takes place.