Stolen data from millions of MGM Resorts guests widely reported to have been posted to the dark web this week has actually been circulating on hacking forums for over six months, according to experts.
Irina Nesterovsky, head of research at cyber intelligence firm KELA, claimed that the most recent upload of breached data on nearly 10.7 million hotel customers was simply a repackaged bundle — as often happens on the dark web.
“The posting of this data was originally executed by threat actor ‘NSFW’ or his partners on July 10 2019. The data published this week has already been circulating in other forums for more than six months,” she revealed.
Nesterovsky shared a screenshot of the upload in Russian, confirming that the data dump included names, emails, dates of birth, phone numbers and addresses of former guests. However, it clarified that there are no passwords included, and that not all the fields are filled with data.
According to Nesterovsky, NSFW is a “close associate” of notorious cyber-criminal Gnosticsplayers, the individual responsible for releasing almost one billion user records from breaches at MyHeritage, UnderArmor, ShareThis, 500px, GfyCat and other firms.
The hacker was also linked to the September 2019 breach at leading game developer Zynga, which resulted in the compromise of 172.9 million unique email addresses, along with usernames and passwords.
Although the data on MGM Resorts guests has been circulating for some time, the latest upload could rekindle a new wave of scams, Nesterovsky warned.
“Affected MGM customers should expect to see fraud attempts made again because the information is being refreshed,” she told Infosecurity.
Hotels are an increasingly popular target for both cyber-criminals and nation state operatives.
The biggest incident of recent years affected Marriott International and exposed around 339 million guest records. The UK’s ICO has stated its intent to fine the firm £99m for security failings that led to the breach.