Justin Bieber and Jack Dorsey may be among the 10 million MGM hotel guests whose personal information was just posted to a hacking forum

  • More than 10 million MGM hotel guests had their personal information leaked online this week, according to ZDNet.
  • Full names, addresses, phone numbers, emails, and birthdays were exposed, but MGM told Business Insider that no payment information was compromised.
  • MGM said it discovered the data breach last year and notified customers who were affected based on state laws. 
  • The singer Justin Bieber, Twitter CEO Jack Dorsey, and US government officials were reportedly among those whose data was leaked.
  • Visit Business Insider's homepage for more stories.

The personal information of more than 10.6 million MGM Resorts guests was posted onto a hacking forum this week, the news site ZDNet reported on Wednesday.

Celebrities, reporters, government officials, tech CEOs, and tech employees were among those affected, according to ZDNet.

ZDNet reported that it was told of the leak by a company called Under the Breach and that the two organizations worked together to verify the leaked information.

Full names, home addresses, phone numbers, emails, and birthdays of 10,683,188 people who had stayed at an MGM hotel were included in the leaked files, according to ZDNet.

MGM told the outlet that the information was older, and ZDNet said none of the guests it spoke with to confirm the data had stayed at one of the company's hotels after 2017.

A representative from MGM said the company couldn't confirm the number of people whose information was stolen.

According to ZDNet, among those whose information was leaked were high-profile people including the pop star Justin Bieber and Twitter CEO Jack Dorsey, as well as officials from the Department of Homeland Security and the Transportation Security Administration.

Twitter declined to comment on whether Dorsey's information was compromised.

MGM declined to confirm any specific people affected by the breach but told ZDNet it noticed the breach of a cloud server last year and had notified customers "as applicable by state law." It also said most of the information would be considered "phone book" information, meaning it could be found in a phone book or through a Google search, and most states do not require that people be notified when such information is released. 

The site Under the Breach came across the leaked files on an online forum commonly used by hackers, the company told Business Insider in a Twitter message. A researcher then cross-referenced the information with publicly available data and emails that had been exposed in previous breaches, the company said. ZDNet and Under the Breach also confirmed with several people whose information appeared in the leaked files that they had indeed stayed at MGM hotels during the time period in question.

The release of information stemmed from a breach on a cloud server that was discovered last summer. An MGM representative told Business Insider the company was confident that no financial information was stolen.

Upon discovering the issue, MGM said, it got two leading cybersecurity forensics firms to help with an internal investigation.

"At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again," the company representative told Business Insider.

Source: Read Full Article