MGM Grand building with white broken lock centered

V_E/Shutterstock Anton Shaparenko/Shutterstock (Licensed)

Hackers use Telegram to leak sensitive data on 30 million hotel guests

The data includes millions of names, addresses, emails, phone numbers, and birth dates.


Mikael Thalen


Hackers leaked on Monday the private data of more than 30 million MGM hotel customers in a post on Telegram.

The data, which comes from a breach that was first disclosed in 2019, includes names, addresses, emails, phone numbers, and birth dates.

A smaller portion of the data was published on a hacking forum in 2020 while the entire data cache was offered up for sale on the dark web for $2,900 that same year. Now, the whole 8GB database has been given out for free on Telegram.

“The ‘long-suffering’ complete leak of MGM Resorts International hotel chain customers (finally) got into the public domain,” the Telegram post states. “There are 142,479,938 lines in the full version of this leak…”

First discovered by the vpnMentor Research Team, the leak has given virtually anyone who can locate the public Telegram channel access to sensitive data such as 24,839,708 unique email addresses and 30,486,113 unique phone numbers.

The vpnMentor Research Team notes in a blog post about the leak that the data could be used for targeted attacks against customers.

“Bad actors could send phishing messages and scams to exposed users via SMS and email, using the victims’ full names and home or business addresses to build trust. As the breach is now 2 years old, the people exposed may not be expecting to be targeted,” the blog states. “They could also target elderly people (thanks to the detail regarding the date of birth) and try to scam them as an easier target.”

The data appears to only relate to those who were customers prior to 2017. Those who might have had their data exposed are urged to be weary of any suspicious text messages, phone calls, or emails alleging to be from the hotel chain.

MGM did not immediately respond to a request for comment from the Daily Dot.

Read more of the Daily Dot’s tech and politics coverage

Nevada’s GOP secretary of state candidate follows QAnon, neo-Nazi accounts on Gab, Telegram
Court filing in Bored Apes lawsuit revives claims founders built NFT empire on Nazi ideology
EXCLUSIVE: ‘Say hi to the Donald for us’: Florida police briefed armed right-wing group before they went to Jan. 6 protest
Inside the Proud Boys’ ties to ghost gun sales
‘Judas’: Gab users are furious its founder handed over data to the FBI without a subpoena
EXCLUSIVE: Anti-vax dating site that let people advertise ‘mRNA FREE’ semen left all its user data exposed
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.
Share this article

*First Published:

The Daily Dot