Some 142 million records relating to MGM Resorts International hotel guests have been publicly shared on Telegram.
Discovered by researchers at vpnMentor and revealed May 22, the four archive files totaled 8.7 gigabytes of data. Although there were 142 million records in total, the number of affected customers is believed to be around 30 million.
The stolen data includes full names, postal addresses, email addresses, phone numbers, dates of birth and, in some cases, passport and driver’s license numbers.
The data dates back to a breach that occurred in 2019 but was first reported in February 2020, when it was said to include 10.6 million records. The records included those of government officials, chief executive officers and others, notably then-Twitter Inc. CEO Jack Dorsey and singer Justin Bieber. MGM Resorts confirmed the breach at the time, with some suggesting that the company had failed to adequately secure a cloud-hosted database.
Fast-forward to July 2020, and the number of records blew out to 142 million. A hacker known as NightLion listed the 142 million MGM hotel guest records for sale at a price of $2,900 on a hacking forum.
NightLion claimed to have obtained the MGM Resort data as part of a hack of billions of records from cyberthreat intelligence and breach database company DataViper. Company founder Vinny Troia denied the hack at the time, claiming that the hacker only obtained access to a test instance.
Nearly two years later, it’s not clear where the data came from, only that it exists. What is being offered on Telegram appears to be the same database offered by NightLion for sale on the now-defunct RaidForums hacking forum.
What is of interest is how Telegram is becoming more popular as a way for hackers to communicate and share information about data breaches. The vpnMentor researchers note that Telegram’s use of encryption and some anonymity, combined with ease of use, make it the perfect platform for hackers to post data breaches.
On the MGM Resort data, the researchers also warned that although the breach is now two years old, bad actors could still send phishing messages and scams to exposed users via SMS.