MGM Cyberattack’s Scoop Came from Social Media

Posted on: September 14, 2023, 03:19h. 

Last updated on: September 14, 2023, 07:11h.

Corey Levitan Read More
Expertise: Commercial Gaming, Entertainment, Expert Insight, Las Vegas.

On Monday, Sept. 11, MGM announced that reports of guests being inconvenienced by a cyberattack were greatly exaggerated.

MGM Aria slot machines hack
On Thursday, a Twitter user posted this shot of a bank of offline slot machines at Aria. (Twitter/@cdegroff)

“Our resorts, including dining, entertainment and gaming, are currently operational and continue to deliver the experiences for which MGM is known,” the corporation tweeted.

MGM was hit with a ransomware attack sometime on Sunday, Sept. 10. The incident took MGM’s websites offline and disrupted gaming and resort operations at all 12 of its Las Vegas properties.

Most guests and visitors updating social media from the MGM Grand, Bellagio, Aria, Cosmopolitan, Park MGM, Luxor, Mandalay Bay, Excalibur, New York-New York, NoMad, Delano, and Vdara expressed a decidedly different take on the situation than MGM’s rose-colored assessment.

Their digital dispatches from the front line suggested that all gaming machines, sports betting kiosks, and ATM and rewards cards were offline for at least three days. In addition, previously issued digital room keys were rendered nonoperational, causing long and frustrating lines at front desks.

“random plain clothed people with walkie-talkies” seated in chairs riding all the elevators at Aria.
Twitter user @dan90266 posted on Friday that “random plain clothed people with walkie-talkies” who “say nothing and do nothing” were seated in chairs riding all the elevators at Aria. This is presumably because their emergency phone systems were still offline. (Twitter/@dan90266)

Systems Slowly Return

On Thursday, social media users were the first to report the good news that MGM’s systems were starting to come back online. However, there were still lingering problems. These included being unable to use food, beverages, casino play credits, and fraudulent credit card charges.

By Thursday night, Twitter user @PatRalston51 reported that Aria was “allowing people to play select games, but only with cash” and that “floor games that can gather and share info are off limits still.”

According to YouTuber and Vegas news source Jacob Orth, as of 11 p.m. Thursday at Park MGM, most — but not all — of the slot machines were back online, though payouts were still manual, with wait times anywhere from 20 minutes to an hour.

In the hotels, check-ins and check-outs on Thursday were still conducted manually.

MGM hack error message
Anyone attempting to visit a Las Vegas MGM Resorts website received an error message like this one through Friday morning. (Image: MGM screenshot)

As of Friday morning, many of the problems above began to be fixed. However, all property websites and apps remained offline, and no phones or TVs inside MGM hotel rooms were believed to be operational yet.

“We continue to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly,” MGM tweeted on Friday morning.

A slight silver lining to guests was that the parking gates at all properties were stuck in the open position, allowing free garage access to anyone who wanted it.

A hacker group called ALPHV/BlackCat claimed responsibility for the cyberattack.