In February, a data breach affecting more than 10.6 million MGM Resorts’ hotel customers came to the fore. The company said that hackers gained unauthorized access to its database last year, and it had already notified affected people.
However, a new report from ZDNet suggests that instead of 10.6 million, more than 142 million customers might have been affected. The earlier data leak included personal details of guests such as names, addresses, phone numbers, and email IDs.
The report notes that a hacker has posted a listing on the dark web claiming to sell a database with MGM customer records for $2,939. The listing highlights that while February’s reports pointed out MGM Resorts’ data breach, it missed out on MGM Grand Hotel data leak.
In a statement, MGM Resorts told TNW it was aware of the scope of the incident:
MGM Resorts was aware of the scope of this previously reported incident from last summer and has already addressed the situation. The vast majority of data consisted of contact information like names, postal addresses and email addresses.
However, the hotel chain didn’t confirm the number of customers affected.
ZDNet’s report also said that threat research firm KELA notified the publication about posts on Russian security forums that advertised MGM data breach affecting more than 200 million customers.