LAS VEGAS—A data breach that was revealed by MGM Resorts in 2019 is much larger than initially reported, and is now believed to have affected more than 142 million hotel guests. The hotel and casino company in February of this year had initially said the breach involved approximately 10.6 million records.
The new finding came to light after a hacker put up for sale the hotel's data in an ad published on a dark web cybercrime marketplace, ZDNet reported.
According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900.
The hacker claims to have obtained the hotel's data after they breached DataViper, a data leak monitoring service operated by Night Lion Security. Vinny Troia, founder of Night Lion Security, told ZDNet that his company never owned a copy of the full MGM database and that the hackers are merely trying to ruin his company's reputation.
MGM told ZDNet it is aware of the scope of the breach. The MGM breach occurred in the summer of 2019 when a hacker gained access to one of the hotel's cloud servers and stole information on the hotel's past guests.