Over 8 GB Database Exposing Millions of Hotel Guests Dumped (for Free) on Telegram

Over 142 million records were publicly shared on Telegram, exposing the personally identifiable information (PII) of MGM Hotels customers around the world, including the names, postal addresses, email addresses, phone numbers, and dates of birth of millions of people. 

On May 22nd, 2022, the vpnMentor Research Team stumbled upon 4 archive files totaling 8.7GB of data that were leaked on Telegram for anyone to find. It is unclear how many people were exposed, but according to the claims of the hackers who shared the files, we assume at least 30 million people had some of their data leaked.

In February 2020, over 10 million records were published on a hacking forum, while all the 142+ million were sold on a dark web cybercrime marketplace in July 2020 for 2,900USD. The breach had been initially discovered by the company back in the summer of 2019. 

This time, the whole breach is being shared for free on Telegram - a platform that is much more accessible for even the least tech-savvy people. 

The data exposed customers from before 2017 and included the following PII: 

• Full names;
• Postal addresses;
• Over 24 million unique email addresses;
• Over 30 million unique phone numbers; 
• Dates of birth

MGM Resorts International is an American hotel chain and entertainment company with hotels located in the USA and in China.

You can see a full breakdown of the leak in the table below: 

Potential Impacts

Bad actors could send phishing messages and scams to exposed users via SMS and email, using the victims’ full names and home or business addresses to build trust. As the breach is now 2 years old, the people exposed may not be expecting to be targeted. 

They could also target elderly people (thanks to the detail regarding the date of birth) and try to scam them as an easier target. 

What Should You Do If You’re Exposed?

You may want to take some steps to protect your data if you were an MGM hotel customer before 2017.

It is crucial to disregard any suspicious SMS messages, calls, and emails, while also equipping yourself with knowledge about phishing attacks, scams, malware, and various other types of cybercrime.

What Are Telegram Leaks and Why Should You Care?

As previously reported by our team, hackers are making more and more use of platforms like Telegram to communicate and share information about data breaches.

Telegram uses encryption and offers its users some anonymity. It is also easily accessible and doesn’t require any technical skills. This makes it the perfect platform for hackers to post data breaches, even more so if they want more people to have access to them.

Our cybersecurity researchers scour Telegram and the dark web to find the latest cyberattacks and data breaches. Hackers often post information on these channels before a cybersecurity incident is publicly known.

By reporting on these incidents, we’re able to inform potentially affected parties earlier so that they can act quickly to protect their data. Our research team similarly recently discovered a breach on Telegram affecting millions of VPN users. In the past, our team also discovered several data breaches affecting the hospitality industry, including the Pyramid Hotel Group and the Gekko Group.