The company that runs Caesars Palace in Las Vegas says it also suffered a breach as MGM Resorts International continues to deal with an apparent ransomware incident at its properties.
Caesars Entertainment disclosed the hack today in a stock exchange filing. Attackers pulled off the breach through a “social engineering attack on an outsourced IT support vendor used by the company,” it said. This means the hackers may have pretended to be an employee at Caesars Entertainment and tricked the IT support vendor into giving up access to the company’s systems through a password reset.
The breach led the hackers to steal customer data through a loyalty program, a likely reference to Caesars Rewards. On Sept. 7, the company’s investigation found that details including driver’s license and Social Security numbers “for a significant number of members in the database” had been looted.
Caesars Entertainment didn’t immediately respond to a request for comment, making the scale of the breach unclear. But in the stock exchange filing, the company said: “We have no evidence to date that any member passwords/PINs, bank account information, or payment card information (PCI) were acquired by the unauthorized actor.”
Interestingly, Caesars Entertainment is signaling it paid off the hackers to prevent the stolen data from leaking or being sold to other cybercriminals. In the filing, the company writes: “We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result. We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused.”
The Wall Street Journal also reports that Caesars Entertainment paid the hackers about half of a $30 million ransom. The company’s stock exchange filing adds that despite the breach, the company faced no disruption to its hotels, online systems, or mobile gaming apps.
The same can’t be said for MGM Resorts International. For the last several days, the company’s hotels in Las Vegas have been experiencing an outage that has shut down the slot machines, websites, and even the digital keys for hotel rooms.
MGM Resorts has declined to provide details about the hack. But researchers at malware repository VX-Underground say they spoke with the hackers behind the intrusion, who said they are affiliated with the notorious ALPHV ransomware group.
“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation,” VX-Underground tweeted, later adding the same technique was used to breach Caesars Entertainment.
The hackers also told The Financial Times they originally tried to manipulate the slot machines at MGM’s casinos to spew out winning earnings before resorting to a standard ransomware attack. The culprits also go by the name Scattered Spider and are known for speaking English, which likely helped them pull off the social engineering attack.
In the meantime, MGM is only telling the public: “We continue to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly.”