Hackers sell bigger MGM Grand data leak for Bitcoin on dark web

Earlier this year, ZDNet reported on the 2019 hacking of MGM resorts. The initial story detailed a colossal data dump on a hacker forum consisting of names, addresses, phone numbers, and dates of birth. Over 10 million hotel guests—including celebrities such as pop star Justin Beiber and Twitter CEO Jack Dorsey—were assumed to be affected. But that, it seems, was just a drop in the water.

This weekend, a dark web listing for the leaked MGM data revealed that victims might actually number in the hundreds of millions. The listing alleges that MGM Grand Hotels was breached alongside MGM resorts—a claim that, if true, would result in a further 142 million affected guests.

According to the dark web market ad, the oddly specific price of $2,939 is to be made in Bitcoin or the privacy coin Monero. Both cryptocurrencies are commonly used as payments on the dark web.

The listing discloses how the hacker managed to obtain the information. Per the ad, hackers allegedly exploited MGMs data leak monitoring service, DataViper. Though, speaking to ZDNet, DataViper representatives maintain that they never retained a full copy of the MGM database—stating that hackers are simply out to sully their reputation.

Posts on various hacking forums imply that the data relates to more than 200 million guests. Though, according to a 20 million person data sample obtained by ZDNet, many guests only had their names revealed rather than other personal or financial information. 

This latest breach highlights the perils of centralized databases and perhaps the need for decentralization.

With sensitive data all too often held in a centrally located server, all it takes is a single point of failure for hackers to gain entry. By contrast, decentralization fragments data across multiple servers, making it impracticable—and more difficult—for bad actors to get their hands on valuable information.

For former guests of MGM, however, the damage is already done.