The incident—revealed in a published report on ZDNet revealed that the details of more than 10.6 million guests who stayed at MGM Resorts were published on a hacking forum due to unauthorized access to a cloud server. Celebrities, tech CEOs, reporters and government officials were some of the victims in this breach. Some of the personal details found on the forum included full names, home addresses, phone numbers, emails and dates of birth for 10,683,188 guests who had previously stayed at the MGM Resorts, according to the report. MGM almost immediately confirmed the breach to ZDNet.
The following statement was released:
“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts,” MGM said, according to the report. “We are confident that no financial, payment card or password data was involved in this matter.”
Continuously scanning code and infrastructure can help prevent these types of breaches. Cloud misconfiguration allow hackers to steal AWS API key(s) housed in a publicly exposed instance. Unfortunately, these attacks are all too common. For example, server hacks, configuration errors and client-side threats are used for these type of hacks.