Skip to Content
© Marina Putilova | Dreamstime.com
Security & privacy

Personal info of 10 million hotel guests, including Twitter CEO and Justin Bieber, leaked online

Is there anything more relaxing than sipping a tropical drink on a glorious beach? Most would agree the answer is no.

The worst part about getting away for a vacation like that is all the planning you need to do ahead of time. Tap or click here for travel hacks that can help make preparation a cinch.

Once you’ve booked the flight and hotel, your worries are over and it’s time to have some fun — at least, you think your worries are over. Sadly, that’s not the case for millions of guests who stayed at a popular resort recently. It was hit with a massive data breach, putting travelers at serious risk.

Belieb it

Personal details of more than 10.6 million people who stayed at an MGM Resort hotel have been exposed online. But it wasn’t just regular folks who had their information compromised.

According to ZDNet and data breach monitoring service Under the Breach, celebrities, high-profile CEOs and government officials were part of the breach. The likes of Twitter CEO Jack Dorsey and pop star Justin Bieber made the list of victims.

Here is the type of information that was compromised:

  • Full names
  • Home addresses
  • Email addresses
  • Phone numbers
  • Dates of birth

The details were posted on a popular forum for hackers earlier this week; however, it appears the data breach occurred last year and wasn’t highly publicized.

An MGM spokesperson told ZDNet, “Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter.”

You may also like: How to avoid being tricked by coronavirus phishing scams

Apparently, MGM already sent notifications out, letting guests know what happened. But that might be too little, too late.

What to do if you were part of the MGM breach

Information found in data dumps like this is a goldmine for cybercriminals. They can use this information to attack victims with spear-phishing attempts or even target them with SIM-swapping scams.

SIM-swapping is an elaborate scam where criminals get basic information about the victim, which is available in data breaches like this one, and they contact their victim’s mobile phone carrier. They claim to be the victim and that their phone has been lost or stolen, so they need to activate a new phone with a fresh SIM card.

If they successfully pass the identity checks by answering security questions, the old SIM card is deactivated and the one the criminal has is activated. All of the calls and texts are now sent to the fraudster’s phone.

If this happens to you, your phone will stop working and you will notice a “No Service” warning. This is the first sign you’re being scammed. And it’s not just a lack of phone service you need to worry about — the thief can now try to access your bank and other online accounts. Tap or click here for more details on SIM-swapping.

Beware of phishing scams

Another potential threat after any huge data breach is phishing scams. Criminals create emails and text messages that spoof companies like MGM to try to trick you into clicking malicious links.

Since the MGM breach is in the headlines now, you might not think twice about receiving a message that’s supposedly from the company, but beware! It could be a phishing attack and lead to more problems like infecting your device with malware. Tap or click here to see another convincing phishing email making the rounds.

Keep an eye on your bank accounts

Even though MGM claims no payment information was affected by this breach, it’s a good idea to keep an eye on your bank and credit card accounts. Look for any suspicious activity and report it immediately if you spot anything unusual.

It’s the best way to keep your financial accounts safe. If your card was breached, your bank will issue you a new one.

We’ve given you all of the known information about this breach at this time. If there are any new developments, we’ll let you know. The best way to get this information quickly is to sign up for Kim’s Security Alert newsletter.

Stop robocalls for good with Kim’s new eBook

Robocalls interrupt us constantly and scam Americans out of millions of dollars every year. Learn Kim's best tricks for stopping annoying robocalls in this handy guide.

Get the eBook