An MGM Resorts data breach that exposed the personal information of hotel guests, including high-profile celebrities and business leaders, has affected millions more guests than originally thought, according to new reports.
The MGM Resorts data breach was first reported early last year with more than 10.6 million guests affected. However, this month, a hacker placed an ad on the dark web offering data on more than 142 million MGM hotel guests. The price tag for the information – which includes names, dates of birth, addresses, telephone numbers and email addresses – is $2,939.76.
Researchers have found stolen MGM hotel guests’ information for sale on the dark web since last July. However, this new offer of more than 142 million hotel guests’ information means the data breach might have affected far more than the 10.6 million guests originally reported.
Recently, a Russian-based hacking forum boasted more than 200 million hotel guests’ information for sale.
MGM confirmed the data breach last year. At the time, the data breach was expected to affect about 10.6 million hotel guests, including celebrities such as Just Bieber and executives such as Twitter CEO Jack Dorsey. While guests’ names, birth dates and contact information were exposed, officials said no financial data was breached.
An investigation into the data breach found an unauthorized user accessed a cloud server that contained hotel guests’ personal information.
The MGM data breach occurred two years after Marriott International, one of the largest hotel chains in the world, experienced a data breach that exposed the personal information of up to 500 million guests.