MGM Resorts hacker is selling 142 million guests' data

Companies getting hacked is no longer a rare occurrence but some intrusions are just so egregious that it feels like a script straight out of some spy or suspense film. The 2014 data breach into Sony Pictures' servers was highly publicized not just because of the sensitive material that were stolen but especially because of the alleged actors behind it. That, however, may pale in comparison to last year's data breach of MGM Resorts' cloud server which may now be threatening hundreds of millions of guests' privacy and security.

If it weren't for a second hacking incident last February, MGM wouldn't have probably admitted that it got hacked Summer of 2019. But while the more recent breach leaked only 10.6 million guest records, one hacker is selling what 142,479,937 records which it claims were from the earlier breach but was, in turn, stolen from leak monitoring service Night Lion Security yesterday. Night Lion denies ever owning data from the MGM breach.

For its part, MGM says it has already notified impacted users and is addressing the situation. It also clarifies that no financial information, IDs, social security numbers, or hotel stay details were pilfered, which ZDNet was able to confirm. Unfortunately, MGM also admitted that the data included gusts' names, postal addresses, and email addresses. Worse, it also included birth dates and phone numbers, details that would make it easier to commit identity theft.

That 142 million figure, however, might not even be everything. Private hacking circles have been passing and selling around an alleged 200 million records from that MGM breach as early as July 2019. Given MGM wasn't forthcoming with its disclosure, one can't exactly confirm or deny these theories.

For now, the 142-million database is being sold for $3,000, making each person's private details worth less than a cent. Aside from MGM's mostly generic PR response, the Grand Hotel owner seems to still be resorting to the same silence it used last year. Given how massive the payload is in this case, however, it might not be able to afford to stay that way for long.