Hackers leaked on Monday the private data of more than 30 million MGM hotel customers in a post on Telegram.
The data, which comes from a breach that was first disclosed in 2019, includes names, addresses, emails, phone numbers, and birth dates.
A smaller portion of the data was published on a hacking forum in 2020 while the entire data cache was offered up for sale on the dark web for $2,900 that same year. Now, the whole 8GB database has been given out for free on Telegram.
“The ‘long-suffering’ complete leak of MGM Resorts International hotel chain customers (finally) got into the public domain,” the Telegram post states. “There are 142,479,938 lines in the full version of this leak…”
First discovered by the vpnMentor Research Team, the leak has given virtually anyone who can locate the public Telegram channel access to sensitive data such as 24,839,708 unique email addresses and 30,486,113 unique phone numbers.
The vpnMentor Research Team notes in a blog post about the leak that the data could be used for targeted attacks against customers.
“Bad actors could send phishing messages and scams to exposed users via SMS and email, using the victims’ full names and home or business addresses to build trust. As the breach is now 2 years old, the people exposed may not be expecting to be targeted,” the blog states. “They could also target elderly people (thanks to the detail regarding the date of birth) and try to scam them as an easier target.”
The data appears to only relate to those who were customers prior to 2017. Those who might have had their data exposed are urged to be weary of any suspicious text messages, phone calls, or emails alleging to be from the hotel chain.
MGM did not immediately respond to a request for comment from the Daily Dot.