Brinztech Alert: The Alleged Database of MGM Resorts is Leaked

Dark Web News Analysis

The dark web news reports a colossal data breach involving MGM Resorts, one of the world’s largest hospitality and entertainment companies. A threat actor is circulating a database allegedly containing the personal information of 142 million customers from the United States and Canada.

While the data reportedly dates back to 2019, the volume and nature of the records make it a critical threat. The compromised fields include Full Names, Phone Numbers, Postal Addresses, Email Addresses, and Dates of Birth (DOBs). This creates a comprehensive profile of millions of travelers, casino guests, and hotel patrons.

Key Cybersecurity Insights

Breaches of this magnitude in the hospitality sector act as a “force multiplier” for other cybercrimes, even years after the initial incident:

• The “Long Tail” of PII: Unlike passwords, which can be changed, Dates of Birth and Physical Addresses often remain static for decades. This means the data from 2019 is still highly effective for Identity Theft. Attackers can combine this “old” data with fresh leaks (like a recent password breach) to build a complete profile capable of bypassing security questions.
• High-Roller Targeting: MGM Resorts caters to a wealthy clientele. Attackers can filter this database to find individuals who frequent high-end properties (e.g., Bellagio, Aria). These targets can be subjected to sophisticated “Whaling” attacks—phishing campaigns designed specifically to trick high-net-worth individuals into transferring funds or revealing corporate secrets.
• Travel Pattern Exploitation: Knowing a victim’s home address and their history of travel helps criminals craft convincing scams. A text message saying “MGM Rewards: We noticed suspicious activity on your account from your last stay in Las Vegas” is likely to trigger an immediate, panicked response from the user.
• Cross-Breach Correlation: Criminals use “Combolists” where they merge this data with leaks from airlines or car rental agencies. This allows them to map out a target’s entire movement history and lifestyle, facilitating physical stalking or burglary planning.

Mitigation Strategies

To protect personal identities and financial security, the following strategies are recommended:

• Credit Freeze: Given the exposure of Dates of Birth and Addresses, affected customers (especially in the US) should strongly consider placing a security freeze on their credit reports with Equifax, Experian, and TransUnion.
• Credential Rotation: Even if passwords weren’t in this specific file, users should update their MGM Rewards passwords and ensure they are unique.
• Phishing Defense: Be wary of any emails or calls claiming to be from MGM Resorts Guest Services, especially those asking for payment verification or offering “free stays” in exchange for personal info.
• Account Monitoring: Watch for unauthorized points redemption or booking activity on loyalty accounts.

Secure Your Business with Brinztech — Global Cybersecurity Solutions

Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.

Questions or Feedback?

For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com