MGM Customer Data Has Been on Dark Web for Six Months

Stolen data from millions of MGM Resorts guests widely reported to have been posted to the dark web this week has actually been circulating on hacking forums for over six months, according to experts.

Irina Nesterovsky, head of research at cyber intelligence firm KELA, claimed that the most recent upload of breached data on nearly 10.7 million hotel customers was simply a repackaged bundle — as often happens on the dark web.

“The posting of this data was originally executed by threat actor ‘NSFW’ or his partners on July 10 2019. The data published this week has already been circulating in other forums for more than six months,” she revealed.

Nesterovsky shared a screenshot of the upload in Russian, confirming that the data dump included names, emails, dates of birth, phone numbers and addresses of former guests. However, it clarified that there are no passwords included, and that not all the fields are filled with data.

According to Nesterovsky, NSFW is a “close associate” of notorious cyber-criminal Gnosticsplayers, the individual responsible for releasing almost one billion user records from breaches at MyHeritage, UnderArmor, ShareThis, 500px, GfyCat and other firms.

The hacker was also linked to the September 2019 breach at leading game developer Zynga, which resulted in the compromise of 172.9 million unique email addresses, along with usernames and passwords.

Although the data on MGM Resorts guests has been circulating for some time, the latest upload could rekindle a new wave of scams, Nesterovsky warned.

“Affected MGM customers should expect to see fraud attempts made again because the information is bei ..

Support the originator by clicking the read the rest link below.