mgm

 

Malicious cyber criminals are at it once again. But this time, they are hoping to win the jackpot by attacking the MGM Grand hotel in Las Vegas. What happens in Vegas stays in Vegas… right?

 


 

The MGM (not so) Grand Hotel

This week, the report of a massive data breach took over the internet. Further, in the hot seat this week, we have the MGM Grand Hotel in Las Vegas

To begin, the personal information of over 10 million guests of the MGM was breached. Continuing, the cloud server storing such information was accessed by unauthorized personnel. Then, uploaded and leaked to an online hacking forum.

The personal information of guests included in the breach ranged from full names and addresses to phone numbers and birthdays. But, MGM claims that “no financial, payment card or password data was involved in this matter”.

Still, millions of people are left to pick up the pieces of the breach, including celebrities, politicians and tech giants alike.

 

The Breakdown

Alright, let’s get to the good stuff. Here is the quick bite break down the the MGM breach:

 

Who – MGM Grand Hotel in Las Vegas, Nevada

What – Massive data breach 

When – Summer 2019

Cause – Unauthorized access to private cloud server of the MGM

Number of People Affected – 10,683,188

 

Aftermath

After the discovery of the breach last summer, MGM took several steps to resolve the issue. The hotel conducted several internal investigations with cyber forensic companies. 

All in all, I think it is sad and slightly troubling that it takes a massive breach like this to open a company and or businesses eyes to the danger of not taking cyber security seriously. 

Although specifics haven’t been released as to how exactly the unauthorized users gained access, many are led to believe it had something to do with some type of misconfiguration on the server.

Further, a number of possibilities exist. But, security misconfigurations seem to be the common denominator in cases like this.

 

Who will be the next victim? Come back next Friday for the next article in out Cyber Attack of the Week series.