The discovery of a database for sale on the dark web suggests the 2019 data breach of MGM Resorts was significantly larger than initially reported.
Access to the database was made available on a dark web cybercrime marketplace for roughly $3,000. It contains the personal information of more than 142 million guests of MGM hotels, according to technology reporting site ZDNet. Earlier reports said the number of affected customers at 10.6 million.
The seller claims the data was leaked by Data Viper, a UK-based data leak tracking service that left between five and fifteen billion records on an unprotected online database. The records themselves were aggregated from previous data breaches and leaks.
Unclear is how the 10.6 million compromised accounts figures in the 142 million records leaked, and if the latter figure is the result of multiple data compromises of MGM Resorts data. According to ZDNet, the total number of compromised guests may exceed 200 million.
MGM Resorts has stated that they were aware of the scope of the breach and have “already addressed the situation.”