MGM Hotel Guest Data Exposed & Dumped on Telegram

A total of 142 million records or almost 9GB of data were publicly shared on Telegram...

MGM Hotel

Another day, another data breach. This time, we have over 142 million records of MGM Hotels customers around the world being publicly shared on Telegram, exposing their personally identifiable information (PII). These would include details such as names, postal addresses, email addresses, phone numbers, and dates of birth of millions of people.

The information comes from the vpnMentor Research Team, which stumbled upon 4 archive files totaling 8.7GB of data that were leaked on Telegram. It is unclear how many people were exposed, but hackers who shared the files claim at least 30 million people had some of their data leaked.

The context

In February 2020, more than 10 million of these records were published on a hacking forum, while entire the 142+ million (142,479,938 to be more precise) batch was sold on the dark web in July 2020 for $2,900.

This time, however, the whole breach is available for free on Telegram, which can be accessed without any special tech skills.

For those who didn’t know, MGM Resorts International operates hotels in the USA and in China.

What can hackers do with this data?

Hackers typically use these sorts of big data sets to send phishing messages and scams to exposed users via SMS and email. They use the victims’ personal details to build trust and eventually drive better “conversions.”

Furthermore, as birthdays are included in the breach, hackers can specifically target the elderly as they tend to be easier targets.

What can you do if your data is exposed?

Even if you weren’t an MGM customer, you should NOT click on emails sent from the people you don’t know. And the same goes for attachments — do not open them if they come from unknown email addresses. Heck, we could say that you shouldn’t open suspicious attachments (those that are not images or PDF files) even from people you know, as their accounts may have been compromised and now they’re sending those messages to everyone.

Beyond email, you should also watch out for strange SMS and calls. Your best bet is to educate yourself about phishing attacks and all other kinds of scams — cause they do come in a variety of shapes and sizes.

Finally, it is advisable to change your passwords and, we might add, get yourself a VPN if you still don’t have one. By encrypting all communication between your device(s) and the rest of the Internet, it will make your Internet connection that much more secure. This is especially important when connecting to public Wi-Fi which is known as a spot where hackers wait for unsuspecting victims to get ahold of their personal information.

The bottom line is – get yourself the best security tools you can, educate yourself and stay safe online. Good luck! 🙂