Skip to main content

MGM data breach was over 10x more extensive than first reported

(Image credit: Image Credit: Balefire / Shutterstock)

A hacker selling a large database on the dark web has prompted security researchers to believe the 2019 MGM Resorts data breach was far larger than initially thought.

Earlier this year, it was reported that the breach affected 10.6 million people. However, the recently published database - available for just under $3,000 - seems to hold personal details on more than 142 million MGM guests.

According to the listing, the data was obtained during an attack on DataViper, a data leak monitoring service operated by Night Lion Security. ZDNet reached out to the company, which denies the allegation and claims it never had access to the full database.

Back in the summer of 2019, a hacker managed to find their way into MGM’s cloud servers, stealing information on the hospitality chain’s past customers. The company notified the affected customers, but never went public with the information.

"MGM Resorts was aware of the scope of this previously reported incident from last summer and has already addressed the situation," said an MGM spokesperson.

The vast majority of data contained contact information such as names, postal addresses and email addresses. Financial data and Social Security numbers were not compromised, MGM added.