Iconic Las Vegas hotel brand MGM Resorts was left red-faced this week when hacked details of over 10 million guests, including celebrities, were posted online.
The dump of data on a hacking forum included many top chief executives and other VIPs including pop star Justin Bieber.
MGM admitted to tech news website ZDNet that the data was taken during a breach last summer and that all the individuals involved has been notified.
Although personal information like date of birth, phone numbers and addresses were taken, no payment details or passwords were stolen, according to reports.
Hackers had gained access to a cloud server that contained information on past guests to 2017.
MGM told ZDNet: “Last summer, we discovered unauthorised access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts.
“We are confident that no financial, payment card or password data was involved in this matter.”
Ekaterina Khrustaleva, chief operating officer of web security company ImmuniWeb, said: “This particular incident reportedly contains only the victims’ personally identifiable information, so it is not all that perilous or likely to be used for blackmailing.
“We should, however, not underestimate the overall impact of the breach. It provides a wide spectrum of efficient attack scenarios for cybercriminals, spanning from spear phishing to BEC and Whaling.
“Victims should be cautious about any incoming messages, calls or emails. Those whose passwords or secret answers can be inferred from the compromised data need to urgently consider changing their passwords and secret questions if they have not yet done so.”
“This data breach is comparatively insignificant in light of the exposed details. Almost every day, cybercriminals on various Dark Web marketplaces offer stolen data coming from hotels and resorts, and not that infrequently the data contains extremely sensitive information about guests’ preferences and stay.”