ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

MGM Resorts (2022 Update) Data Breach

mgmresorts.com
Major exposure
Verified breach
Accounts exposed 24,842,001
Breach date 25 Jul 2019
Added to tracker 29 May 2022
Data classes 5

What happened

In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017. In May 2022, a superset of the data totalling almost 25M unique email addresses across 142M rows was extensively shared on Telegram. On analysis, it's highly likely the data stems from the same incident with 142M records having been discovered for sale on a dark web marketplace in mid-2020. The exposed data included email and physical addresses, names, phone numbers and dates of birth.

Exposed data

Dates of birth Email addresses Names Phone numbers Physical addresses

Recommended actions

  • Watch for targeted phishing emails referencing MGM Resorts (2022 Update) โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP