MGM, Caesars Hackers Claim They Stole Six Terabytes of Data

Posted on: September 15, 2023, 07:59h. 

Last updated on: September 16, 2023, 11:59h.

Devin O'Connor @CasinoorgDevinO Read More
Expertise: Asia Pacific Gaming, Commercial Gaming, Legislation, Politics.

The criminal organization behind the recent cyberattacks targeting MGM Resorts and Caesars Entertainment claims they stole six terabytes of data from the casino giants.

MGM Caesars hackers cyberattack Scattered Spider
BetMGM Sportsbook kiosks remain disabled because of the cyberattack of MGM Resorts. MGM has reportedly been victimized by the same criminal enterprise that earlier this month successfully targeted Caesars Entertainment.  (Image: Getty)

Scattered Spider, an international hacking enterprise, has claimed responsibility for the cyber assaults. MGM was targeted sometime this past Sunday, and the company’s operations in Las Vegas and across the U.S. remain severely interrupted five days later, as MGM is reportedly refusing to pay a ransom.

Caesars took a different approach, with the Caesars Palace and Paris Las Vegas operator revealing yesterday through a Securities and Exchange Commission filing that it paid a ransom after its Caesars Rewards database was hacked on Sept. 7. Though Caesars did not specify the ransom amount paid in its securities filing, reports have surfaced that the company agreed to a $15 million settlement. Scattered Spider had originally demanded $30 million.

Reuters on Thursday reached representatives from Scattered Spider via the online social media messaging platform Telegram. The media outlet says it was tipped off to a Scattered Spider source from a cybersecurity expert. Telegram is where data was shared during a 2019 hack of MGM’s systems.

Confidential Data Seized

Speaking with Reuters, the Scattered Spider official said its Caesars hack successfully resulted in the procurement of personal information on the casino’s rewards members. Those sensitive records included driver’s licenses and Social Security numbers.

The Scattered Spider spokesperson said the group’s hack of MGM was also fruitful for the illicit cybergang but did not detail what sort of data was stolen. Asked whether the group plans to make the data public, a vague answer was given.

If MGM wish to release that information, they will. We do not do that,” the Scattered Spider spokesperson said.

Scattered Spider also didn’t say how much of the six terabytes of data stolen from the two casino operators belong to MGM.

A terabyte is 1,000 gigabytes of data. Dropbox, a cloud-based file hosting service, explains on its website that 1,000 gigabytes can store about 6.5 million document pages.

Weakest Link

Cybersecurity experts say large companies like MGM and Caesars invest considerably in their IT security, and successful hacks are often because of human error and security officials being duped by bad actors.

Scattered Spider is known for posing as employees of the targeted company. The hackers often make phone calls to IT departments, with one common ploy involving a hacker acting as an employee who needs their email or login password reset.

Scattered Spider is well known for having very well-established social engineering capabilities that many groups do not, mainly because they are rumored to have a significant presence in the United States, a characteristic many other groups do not share,” Drew Schmitt, practice lead at GuidePoint Security, a cybersecurity consultancy, told Casino.org.

“Regarding the MGM hack, there has been a lot of emphasis on the fact that a brief social engineering phone call resulted in widespread compromise within a huge organization,” Schmitt explained. “We currently do not have the complete picture, and although this method of intrusion highlights some potential gaps in cybersecurity processes, there is likely much more to this intrusion than meets the eye.”

“Scattered Spider is highly determined and persistent in their operations. If it wasn’t for this social engineering attempt, it could have been another that relied on more technical means. Sometimes attackers get lucky, and this could be one of those times,” Schmitt concluded.