Personal Details Of 10.6M MGM Hotel Guests Posted On A Hacking Forum – Cybersecurity Experts React

Cybersecurity experts commented tonight on breaking news that the personal details of more than 10.6 million users who stayed at MGM Resorts hotels were published on a hacking forum this week. Besides details for regular tourists and travelers, the leaked files also include personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world’s largest tech companies.


15 Expert Comments
Thorsten Geissel, Director Sales Engineering
InfoSec Expert
February 24, 2020 11:06 am

This breach is significant and the dumping of a treasure trove of customer details once again underlines the importance of having the same security levels for data that’s on premise, as for data stored in the cloud, to reduce the risks associated with hacks such as this. It’s a near-universal challenge for enterprises: the move to hybrid environments and more complex, fragmented networks makes it even harder to keep control. Without consistent policies you can pretty soon have a tangle of security gaps and compliance violations.

John M. Perry
InfoSec Expert
February 24, 2020 11:03 am

Last summer, MGM discovered unauthorized access to a cloud server that contained guest information. The issue with MGM and similar breaches is that businesses are not adequately securing consumer data – whether in the cloud, in their network or at the point of intake – leaving personal information in the ‘clear’ and just waiting to be stolen. Companies need to devalue this data with security technologies like encryption and tokenization, otherwise these compromises will continue to happen.

Robert Prigge
InfoSec Expert
February 24, 2020 10:56 am

Unfortunately, users’ data being exposed and made available to a wide range of bad actors is so commonplace in today’s connected world.

Organisations who hold any personal data of their customers must really improve their protection of such data.

There are technologies available today which can be used in a multifaceted security strategy. There is much “talk” about Zero Trust strategy. Organisations need to be taking action to move towards this as a priority. Security Analytics and Automation will provide the right foundations for delivering on Zero Trust and provide better security for their customers’ data as well as the organisation’s critical data and Intellectual Property.

Peter Draper, Technical Director, EMEA
InfoSec Expert
February 21, 2020 1:28 pm

Unfortunately, users’ data being exposed and made available to a wide range of bad actors is so commonplace in today’s connected world.

Organisations who hold any personal data of their customers must really improve their protection of such data.

There are technologies available today which can be used in a multifaceted security strategy. There is much “talk” about Zero Trust strategy. Organisations need to be taking action to move towards this as a priority. Security Analytics and Automation will provide the right foundations for delivering on Zero Trust and provide better security for their customers’ data as well as the organisation’s critical data and Intellectual Property.

Ed Macnair, CEO
InfoSec Expert
February 21, 2020 1:26 pm

Cloud servers have been a consistent feature in many of the biggest data breach stories we have seen recently. In this case, it appears that criminals gained unauthorised access, which allowed them to extract data such as names, addresses, and passport details. It’s a stark reminder of the risk that comes with cloud transformation – in the past this data would have been held on the hotel’s own servers. In many ways, moving to the cloud has eroded the traditional perimeters that protected data, so companies need to make sure they have new security practices for the cloud.

Now this data has been stolen, and published on a hacking forum, criminals will be looking at how they use it to launch a new spate of attacks. It isn’t financial information, so they can’t cash it in right away, but the personal data of high profile individuals has its own value. The most likely form of attack we will see is impersonation attacks. Executives and CEOs who have had their data stolen should be asking if their organisation’s security is capable of defending against impersonation attacks, and must alert their companies to be on the lookout for any communications that may be using their personal details to impersonate them.

Information Security Buzz