In what appears to be a major cyber attack, the MGM Resorts International announced on Monday afternoon that it is working with cybersecurity experts and law enforcement to deal with a “cybersecurity issue affecting some of the Company’s systems.”
Reports are coming in that slot machines are offline and guests are locked out of their rooms at MGM properties, including the Bellagio and Aria. Vital Vegas reported that there is a “systemwide outage at Bellagio, possibly other MGM Resorts—cash payments only at restaurants, no room charges or credit cards, digital room keys don’t work.”
It’s affecting everything. MGM is scrod. https://t.co/zqURIKkfC4 pic.twitter.com/jGqlVWxNHI
— Vital Vegas (@VitalVegas) September 11, 2023
Vital Vegas also noted a similar hacking incident in 2019, where the records of 10.7 million customers were compromised, and names, addresses, birth dates, email addresses, and phone numbers were shared on a hacker forum and later on Telegram. An ongoing class-action suit is trying to determine what is owed to those whose identities were leaked in that attack.
Throwback to another time MGM was hacked. https://t.co/VPmmCftigT
— Vital Vegas (@VitalVegas) September 11, 2023
According to Bleeping Computer:
It appears that the outage started on Sunday night and computer systems in the resorts are currently down.
Reports online note that the company switched to manual operations as the outage credit card machines on properties have been affected.
The MGM Resorts main website is also down, currently informing that customers can make hotel reservations “at any of our destinations” over the phone.
MGM Rewards customers are also affected and they’ve been instructed to call a Member Services number between 6 AM and 11 PM, Pacific time.
In addition:
All MGM websites using the same domain name as the main one – i.e. mgmresorts.com – have been offline for hours.
BleepingComputer checked several of them and they all showed the same message, instructing visitors to call a phone number, including MGM National Harbor, Empire City Casino, MGM Springfield, MGM Grand Detroit, Beau Rivage, and The Borgata.
According to 8NewsNow, guests they spoke with “could not access their hotel rooms Sunday night using digital key cards. They also added that credit card machines were not functional at property restaurants, making eating at the hotel impossible for the guests.”
It’s not clear at publishing time which of the systems were intentionally shut down by the company to try and contain the intrusion and which shutdowns resulted from the hacking incident.
MGM has tens of thousands of rooms among its Vegas properties, which include MGM Grand, Bellagio, Cosmopolitan, Aria, New York-New York, Park MGM, Excalibur, Luxor, Mandalay Bay, and Delano. The casino also operates resorts in Macau and China.
This attack comes on the heels of a major incident over the weekend involving Square, which processes transactions for millions of small businesses worldwide. PJM’s Megan Fox reported:
Without the ability to process credit cards, many businesses have reported turning away customers who don’t have cash—or taking an enormous risk and writing down credit card information to process later, not knowing if the card will go through. Despite Square’s customers losing thousands of dollars per hour, their customer service line was shut down and goes directly to a voice message that says the service line is unavailable.
Although the incidents at the two companies resulted in similar widespread outages, Square said that its problems were internal and not the result of hacking:
The outage impacted an important part of our infrastructure, known as a Domain Name System, or DNS. While making several standard changes to our internal network software, the combination of updates prevented our systems from properly communicating with each other, and ultimately caused the disruption. The issue also affected many of our internal tools for troubleshooting and support, making them temporarily unavailable. There is no evidence that this was a cybersecurity event or that any seller or buyer data was compromised by the outage.
There was also a major cyber attack last week at a crypto casino:
The cyber attack targeting the cryptocurrency casino https://t.co/AJiCVxyvkL has resulted in a total damage of $41,300,000.
You can use real-time scanning of Domain Search to identify additional potential threats to the stabilized site. https://t.co/g5ZifEMVWW#Crypto #Hacking pic.twitter.com/3GNCnsReUa
— Criminal IP (@CriminalIP_US) September 10, 2023
At a blog called The Nimble Nerd, JJ points out that it’s not MGM’s assets that thieves are after: “Who needs poker chips when you can play with personal data?” He added:
Oh, the glitz and glam of Las Vegas! The dazzling lights, the thrilling casino games, and now, a complimentary cyber-incident courtesy of MGM Resorts. Truly, what happens in Vegas, doesn’t always stay in Vegas. Especially when it involves cybercriminals who can’t resist the allure of a jackpot in the form of your personal data. While MGM tries to shuffle its digital deck, we are left wondering if cybersecurity is merely a roll of the dice in the casino of life. [Emphasis added]
Indeed. Our interconnected world, while improving the efficiency of businesses and adding convenience for consumers, poses an increasing danger to the public and to the stability of, in particular, our financial systems. When a group of hackers, whether state-sponsored or private individuals, can take down entire systems and keep them offline for hours or days, confidence in those systems plummets. In recent years, we’ve seen everything from bank failures to a bunch of Reddit users short-squeezing GameStop stock to drive up the company’s shares, resulting in brokerages suspending trading. As this hack of MGM’s systems demonstrates, no company (or government) is too big to be compromised—something that should concern all of us.
It’s enough to make you want to bury your 401k funds in the backyard.
Join the conversation as a VIP Member