Dulce Martinez sought to enter her casino rewards account on Monday to make travel arrangements for an impending work trip, but kept getting an error message.
That’s strange, she mused, switching to Facebook to look for information about the problem in a group for MGM Resorts International loyalty members. She discovered there that a cybersecurity vulnerability had affected the biggest casino owner in Las Vegas.
Martinez, 45, instantly looked for the credit card connected to her reward account on her bank bills. She was now greeted by four more transactions that she did not recognize; she claimed that the prices went up from $9.99 to $46 with each new transaction.
The credit card was terminated by her. Martinez, a publicist from Los Angeles, said she signed up for the service out of concern for what other information the hackers may have taken.
According to MGM Resorts, the situation started on Sunday and has affected casino floors and reservations in Las Vegas and other states. Social media videos featured darkened video slot machines.
Some clients reported that their hotel room cards were not functioning. Some people claimed they would not be traveling this weekend. As of Friday, the issue has been ongoing for six days, and MGM Resorts continued to offer penalty-free room cancellations through September 17.
A spokeswoman for the corporation, Brian Ahern, declined on Friday to respond to inquiries from The Associated Press about the data that was exposed in the hack.
The largest casino owner in the world, Caesars Entertainment, announced on Thursday that it had also experienced a cybersecurity incident. The gambling behemoth claimed that the data breach did not affect the computer operations of its casinos or hotels, but it was unable to state for sure that the personal data of tens of millions of its patrons was secure.
Kim said that large casino operators like MGM Resorts and Caesars are guarded by sophisticated, high-end security measures. Yet, no system is flawless.
It appears the intrusions may have been carried out as a “socially engineered attack,” which means the hackers may have used methods like a phone call, text message, or phishing email to breach the system, according to Tony Anscombe, the chief security official with the San Diego-based cybersecurity company ESET.
A hacker gang claimed online responsibility for the attack on Caesars Entertainment’s networks and said it demanded the corporation pay a $30 million ransom price this week as security breaches left some Las Vegas casino floors vacant.
Whether either of the impacted businesses paid a ransom to recover access to their data is yet unknown. Yet, if one had, further assaults might be imminent, according to the experts.