MGM Resorts Dealing With Significant Cyberattack (Update 3)

In Data Breach News, Cyberattack, News
September 12, 2023
MGM Resorts Dealing With Significant Cyberattack  (Update 3)
Image credit: GettyImages Ethan Miller

Hotel and casino operator MGM Resorts is dealing with a cyberattack that has somewhat sent it back into the digital dark ages at multiple properties and locations.

On September 11, MGM Resorts posted a statement on its Twitter account confirming that it was dealing with what it described as a cybersecurity incident. They did not indicate what kind of incident, but stated they had reported it to law enforcement and were investigating to determine the scope of the breach.

As part of its incident response, they shut down certain systems. A notice on the website provides telephone numbers to call to access different functions like reservations, attractions, and events. But while customers complained about slots, ATMS, and other services not functioning, MGM Resorts issued an updated notice on its Facebook page last night claiming that dining, entertainment, and gaming were currently operational and continuing “to deliver the experiences for which MGM is known.” Importantly, and in apparent contradiction to some earlier reports, they maintain that guests remain able to access their hotel rooms.

But not all of their claims may be quite accurate. in response to their Facebook update last night, some guests challenged their claims.

 Notice posted by MGM Resorts on Twitter on September 11, 2023.
Notice posted by MGM Resorts on Twitter on September 11, 2023.

A Facebook user from Blackpool responded angrily, “MGM Resorts: Every single slot is out of service at ARIA at this time! Maybe rethink that message above. Still cannot access folios.” Her complaint about ARIA was confirmed by another guest. Other guests expressed concern about their reservations, such as one who commented, “Are peoples reservations deleted and are going to be unable to check in? Checked my reservations and it said it could not be found.” MGM does not seem to have anyone responding promptly to Facebook queries.

MGM Resort has tens of thousands of hotel rooms in Las Vegas properties such Mandalay Bay, Aria, the Bellagio, and MGM Grand Las Vegas. Whatever happened also reportedly affected properties in other cities, such as the Borgata Hotel in Atlantic City, and the MGM Grand Detroit Casino.

At this time, there has been no statement as to whether any systems were encrypted. Nor is there any statement about whether customer or employee data has been exfiltrated by the as-yet unnamed attackers.

This is a developing story and The Data Breach Times will continue to follow it.

Update 1: September 13.

vx-underground reports that a member of a BlackCat subgroup known for its aggressive methods and social engineering skills contacted him to tell him how they gained access to MGM.

vx-underground tweeted:

A Tweet From vx-underground

All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk.

A company valued at $33,900,000,000 was defeated by a 10-minute conversation.

No proof has been provided for the claim and MGM has not issued any statement in response to it. The company’s main website was unreachable again this morning.

Update 2: September 14.

Multiple news sources report that Caesar’s Entertainment recently paid “tens of millions of dollars” in ransom to the same group of attackers that hit MGM Resorts. The group, believed to be a subgroup of AlphV, is known as “Scattered Spider” or UNC3944.

Update 3:

September 15. vx-underground’s September 12 report on AlphV using LinkedIn and social engineering may be fake news. ALPHV denies having claimed responsibility or having spoken to anyone prior to their official statement on September 14. They do not specifically mention vx-underground’s reporting as being fake news, but their statement denying any previous contacts to journalists or researchers seems a clear refutation of what vx-underground reported.