Personal information for more than 10 million former guests of MGM resorts has been posted on a hacking forum. Among the notable data breach victims: Twitter and Square CEO Jack Dorsey. The leaked data includes home addresses, and is said to only affect guests who stayed at the hotel chain's properties before 2018.
MGM Resorts says the security incident took place in the summer of 2019, and that impacted guests were told last year. Catalin Cimpanu reporting for ZDNet:
According to our analysis, the MGM data dump that was shared today contains personal details for 10,683,188 former hotel guests.
Included in the leaked files are personal details such as full names, home addresses, phone numbers, emails, and dates of birth.
ZDNet reached out to past guests and confirmed they stayed at the hotel, along with their timeline, and the accuracy of the data included in the leaked files.
We got confirmation from international business travelers, reporters attending tech conferences, CEOs attending business meetings, and government officials traveling to Las Vegas branches.
MGM told ZDNet:
"Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts,"
"We are confident that no financial, payment card or password data was involved in this matter."
[via techmeme.com, Catalin Cimpanu for Zero Day | February 19, 2020 — 23:27 GMT]