MGM Resorts Hackers Broke In After Tricking IT Service Desk

MGM Resorts Cyberattack Stymies Slot Machines, Check-Ins. MGM Resorts Hackers Broke In After Tricking IT Service Desk

Updated: 9-11-2023

MGM Resorts Cyberattack Stymies Slot Machines, Check-Ins

* Casino Staff Resort To ‘Manual Mode’ And Handwritten Vouchers

* MGM Has Alerted Law Enforcement And Started Investigation

Keith Miller’s monthly visit to the Borgata casino in Atlantic City, New Jersey, was short-circuited by a cyberattack.

He and his wife, Nanako Miller, were temporarily prevented from checking into a hotel room. And they found that cashing out of slot machines involved handwritten vouchers and long lines at the cashier’s window. Even paying for lunch was a struggle.

“They couldn’t take credit cards,” he said. “These are all First World problems, but it was a pretty frustrating morning.”

Miller’s annoyance stemmed from an online attack on MGM Resorts International, which disclosed the breach on Monday.

MGM Resorts Hackers Broke In After Tricking IT Service Desk

CyberSecurity Newsflash!

The company said in a statement posted on social media that it took “prompt action to protect our systems and data, including shutting down certain systems.”

Mobile Phones From Apple, Google And Samsung, etc. Send Your Private Information To “Fake” Cell Phone Towers

Apple Sues NSO Group To Curb The Abuse Of State-Sponsored Spyware

Online Privacy Tools And Tips

Apple Cyber Flaw Allows Silent iPhone Hack Through iMessage

Spyware Finally Got Scary Enough To Freak Lawmakers Out—After It Spied On Them

U.S. Charges Chinese Agents In Hacking Scheme, More Cases Expected

Vast Troves of Classified Info Undermine National Security, Spy Chief Says

Pentagon Employee Charged With Providing Valuable Secrets To Individual Tied To Hezbollah

SEC Hack Proves Bitcoin Has Better Data Security

Hackers Prove The Insecurity Of Border Security By Stealing Photos Of Travelers’ Faces

Those $#%$# Idiots At The New York Federal Reserve Allow Hackers To Take $100million From An Account Held For Bangladesh

Chinese Hackers Breach U.S. Navy Contractors

IRS Fails To Prevent $1.6 Billion In Tax Identity Theft

DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia

Blockchain Storage Offers Security, Data Transparency And immutability. Get Over it!

Nostr Allows Bitcoiners To Build-Out A Decentralized, CENSORSHIP-RESISTANT Social-Media!!

Case Law References And Citations

A message on MGM’s website, which lists numbers for concierges at 19 hotels across the country, said the site “is currently unavailable.”

A spokesperson said the attack started Sunday night and affected properties companywide. Some slot machines were taken offline, and staff were operating in “manual mode,” the spokesperson said.

In an emailed statement later Monday, the company stressed its casino gaming floors were “operational” but said it was working to resolve the outages.

The Las Vegas-based company said it has notified law enforcement and began an investigation with the help of external cybersecurity experts. The FBI in Las Vegas didn’t respond to an email seeking comment.

It wasn’t immediately clear who was behind the attack, and many details of the breach weren’t known.

A receptionist who answered the phone at Mandalay Bay, an MGM resort in Las Vegas that hosts the annual Black Hat cybersecurity conference, said guests had been unable to check in for a short time earlier in the day because the hotel couldn’t get into its system.

They were now able to check in, said the employee, who declined to provide his name.

Several accounts on the social media platform X provided further details of the fallout from the attack, though the reports couldn’t immediately be substantiated.

One, attributed to John Brennan at the handle @qpr01, said he was in the Borgata casino. “All computer systems are down. Slots will not accept tickets, and anyone trying to cash out is getting the Handpay message regardless of amount,” he said in his post on X.

A receptionist who answered the phone at the Borgata confirmed his account, saying she was told when she got into work at 4 p.m. Monday that the office internet had gone down around four hours earlier.

“The system is still down,” she said on Monday evening, adding that slot machines were only taking cash as a result. She said most guests were understanding but that “a couple are angry.”

Miller, who is from New York City, said the first clue that there was a problem happened on Sunday, when he and his wife used the MGM app for pre-check-in.

Normally, he said, they would receive a digital key, but that didn’t happen, so they checked in manually when they arrived in Atlantic City.

The next day, Starbucks and other food establishments wouldn’t accept credit cards, and slot machines wouldn’t take pay vouchers, which they spit out to winners to play in other machines or cash out at the window, he said.

Casino employees were handwriting vouchers at slot machines, creating long lines at the cashier’s window, he said.

Miller said they had checked in under his name on Sunday and went to switch to check in again on Monday under his wife’s name, but temporarily couldn’t because the systems were down.

They finally got into their room about 4:30 p.m. and plan to stay three more nights.

“We haven’t seen any charges on our credit card yet,” he said. “I’m assuming we are going to be able to stay.”

MGM Resorts was the victim of a July 2019 data breach that exposed the personal information of as many as 10.6 million customers.

In 2014, Iran waged a cyberattack against Las Vegas Sands Corp., whose chief executive officer and majority owner at the time, Sheldon Adelson, had made comments a few months before suggesting he would get tough with Iran in negotiations over its nuclear program.

The FBI has warned of the rise of threats against both physical and online casinos. Earlier this month, the FBI said a North Korean outfit known as Lazarus Group had hacked Stake.com, an online casino and betting platform, stealing $41 million in virtual currency.

The Nevada Gaming Commission, which regulates the casino industry in the state, this year introduced new cybersecurity regulations that require casinos to evaluate hacking risks and protect information systems.

The aim was to set forth the importance for gaming operators to take necessary steps to protect their information systems, the commission said.

Casinos must also inform the Nevada Gaming Control Board of a cyberattack no later than 72 hours of becoming aware of it.

Updated: 9-12-2023

Useless Slots, Cash Bars Annoy Casino Goers After MGM Hack

* Hackers’ Identity Isn’t Known, Nor Is The Attackers’ Motive

* Most Guests At Bellagio And Cosmopolitan Unaware Of Hack

MGM Resorts International has been saying its hotels and casinos are “operational” following a cyberattack over the weekend that appeared to take down everything from payment systems to sportsbooks.

Some of its patrons begged to differ.

Scanning a largely empty casino floor at the MGM Grand in Las Vegas on Tuesday, Marina Lopez said the hack has been a hassle. Restaurants were only taking cash, as was the poolside bar: She had to pay cash for a margarita the previous day.

An even bigger annoyance greeted guests eager to try their hand at the slot machines. Many one-armed bandits, she said, weren’t working.

“People came to play, they couldn’t play and they left,” said Lopez, a hotel guest from Santa Cruz, California.

Days after the cyberattack on Las Vegas-based MGM, the fallout at its properties along the city’s famous strip varied from casino to casino. Sportsbooks were closed at the Cosmopolitan and MGM Grand.

Several guests faced long waits to check in because staff was doing everything by hand, jotting down credit-card information on clipboards. Slot-machine attendants cashed out players the same way.

Many of the websites to MGM’s resorts, including the ones used to make reservations, remained down on Wednesday morning. The company was referring customers to third-party websites to make bookings.

“Our investigation is ongoing, and we are working diligently to resolve the matter,” MGM said in a statement Tuesday. “The company will continue to implement measures to secure its business operations and take additional steps as appropriate.”

Moody’s Investors Service published a report Wednesday describing the cyberattack as credit negative for MGM Resorts, saying it “highlights key risks related to business operations’ heavy reliance on technology and the operational disruption caused when systems need go offline or are inoperable.”

Additional risks include potential revenue losses while systems were down, reputational risk and any direct costs related to investigation and remediation, according to Moody’s.

The report also notes that BitSight, a cybersecurity ratings and analytics company, most recently scored MGM an F for its patching cadence, the speed an organization remediates exposure to known vulnerabilities. MGM didn’t immediately respond to a request for comment on BitSight’s grade.

In Las Vegas on Tuesday, more than half of the guests interviewed at the Cosmopolitan and the Bellagio, which seemed largely unaffected, weren’t aware of the hack. By midday Tuesday, credit cards were being accepted in at least some of MGM’s resorts.

Details of the attack remain scant, including who was behind it, their possible motive and the type of information the hackers may have obtained. The FBI office in Las Vegas was aware of the attack and assisting, an agency spokesperson said. MGM was also the victim of a 2019 data breach that exposed personal information on as many as 10.6 million customers.

MGM shut certain systems after discovering the attack over the weekend and began an investigation with the help of external cybersecurity experts, according to a statement posted on social media.

By Monday evening, MGM was saying its resorts, including dining, entertainment and gaming, were “currently operational.”

Clearly not without some snags.

A waiter at the Cosmopolitan, who asked not to be identified, said credit-card payments were working, but online orders and communications between properties remained down.

Traffic at the MGM Grand was noticeably light. A number of slot machines weren’t functioning, and an ATM machine wasn’t providing cash advances.

Updated: 9-13-2023

MGM And Caesars Hacked By Same Group In Span Of A Few Weeks

* Hacking Group Among Most Aggressive Attackers Targeting US

* Hackers Demanded A Ransom From Both Casino Operators

MGM Resorts International was hacked by the same group of attackers that breached Caesars Entertainment Inc. weeks earlier, according to four people familiar with the matter.

The hackers demanded a ransom from MGM, according to two of the people. It wasn’t immediately clear how much ransom was requested or if the hackers deployed ransomware to lock up the company’s files.

Caesars didn’t respond to messages seeking comment. The company disclosed the cyberattack in a regulatory filing Thursday.

MGM declined to respond to questions about the attack. In a statement on Tuesday, MGM said the investigation is ongoing. The company said it was continuing to implement measures to secure its business operations.

MGM was still working to resolve the turmoil caused by the hackers, known as Scattered Spider, four days into the cyberattack that has disrupted the company’s websites, reservation system and some slot machines at its casinos across the country, according to two of the people.

Caesars was also hacked by the same group in a cyberattack a few weeks earlier, and ended up paying tens of million of dollars to the hackers, according to the people, who asked not to be identified because the information is private.

The hackers first breached an outside IT vendor before gaining access to the company’s network, two of the people said. The attackers gained driver’s license and social security numbers for loyalty members, among other data, the company said in the filing Thursday.

“We have taken steps to ensure the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said.

Scattered Spider, which is also known as UNC3944, is composed of hackers who are based in the US and UK, some as young as 19 years old, according to a cybersecurity researcher familiar with the group.

The group has targeted telecommunications and business process outsourcing companies to pull off SIM swaps of phone numbers that can then be used in phishing attacks to steal data from victim systems and extort a ransom.

Charles Carmakal, chief technical officer for Mandiant Inc., part of Google Cloud, described the hackers as “one of the most prevalent and aggressive threat actors impacting organizations in the United States today.” Mandiant first came across the group in May 2022.

He said many of the members of the group are young native English speakers who are “incredibly effective social engineers.” They have started deploying ransomware encryptors and sometimes expose victims on infrastructure used by another hacking group, ALPHV.

The FBI said in April 2022 the group had leased its ransomware to others that has resulted in compromises of at least 60 entities worldwide.

In the MGM hack, Scattered Spider may have worked with ALPHV, according to two people familiar with the group’s operations.

Hackers use several different techniques to extort victims for money.

For instance, ransomware is a type of malware that locks up a victim’s computer files. The hackers then promise to provide a decryption key if an extortion fee is paid.

More recently, hacking groups have shifted away from ransomware and instead focused on stealing sensitive data from victims. They then threaten to release the information online unless they are paid.

Caesars Entertainment Paid Millions To Hackers In Attack

* Hackers Stole Data, Extorted Company, People Familiar Said

* Caesars Breach Came In Weeks Before MGM Announced Cyberattack

Caesars Entertainment Inc. paid tens of millions of dollars to hackers who broke into the company’s systems in recent weeks and threatened to release the company’s data, according to two people familiar with the matter.

The disclosure of the alleged Caesars breach comes as another Las Vegas entertainment giant, MGM Resorts International, announced that it was hacked earlier this week.

Caesars didn’t respond to requests for comment. On Thursday, after Bloomberg News reported that Caesars had been hit by a cyberattack, the company disclosed the hack in a regulatory filing.

The company’s shares were relatively unchanged Thursday at 9:49 a.m. in New York after dropping 2.7% Wednesday to $52.35.

The group behind the attack is known as Scattered Spider or UNC 3944, according to the people. Its members are skilled at social engineering in order to gain access to large corporate networks, according to cybersecurity experts.

In the case of Caesars, the hackers first breached an outside IT vendor before gaining access to the company’s network, according to the people.

The hackers began targeting Caesars as early as Aug. 27, according to one of the people.

Members of the hacking group are believed to be young adults, some as young as 19 years old, residing in the US and the UK, according to a person who has investigated multiple hacks by the group.

The attackers stole data including driver’s license and social security numbers from Caesars loyalty members, the company said in the filing Thursday.

Hacking gangs typically ask to be paid in cryptocurrency if they demand a ransom. Some attacks deploy ransomware that locks up computer files, and the hackers then provide a decryption key if the victim pays.

More recently, however, hacking gangs have stolen data from companies and then demanded payment, threatening to publish the information unless they are paid.

“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,“ Caesars said in the filing.

Updated: 9-14-2023

Group In Casino Hacks Skilled At Duping Workers For Access

* ‘Scattered Spider’ Suspected Of Recent Attacks On MGM, Caesars

* Hackers ‘Incredibly Effective Social Engineers,’ Expert Says

The hacking group suspected of cyberattacks against two giant casino operators has quickly made a name for itself for its skills in social engineering, such as tricking someone to gain access to a computer system or another storehouse of sensitive information.

Known as Scattered Spider and UNC3944, the group spun a web of chaos this week after launching a cyberattack at MGM Resorts International, according to five people familiar with the incident.

The cyberattack resulted in downed websites and slot machines and staffers to check people into hotel rooms manually.

The group has been causing havoc across North American companies in 2023, according to Adam Meyers, senior vice president of intelligence at Crowdstrike Holdings Inc., who said in an interview last month that the attacks had escalated to “a couple a week.”

The same group was behind an earlier attack on Caesars Entertainment Inc., according to the people. Caesars paid tens of millions of dollars to the hackers, who broke into the company’s systems and threatened to release data, according to two of the people.

On Thursday, Caesars said in a regulatory filing that it discovered suspicious activity in its information technology network “resulting from a social engineering attack on an outsourced IT support vendor used by the company.” The identity of the vendor wasn’t immediately known.

“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said in the filing.

It’s still not clear how the attackers broke into MGM, which has declined to comment on specifics of the incident.

They are “incredibly effective social engineers,” said Charles Carmakal, chief technology officer for Mandiant Inc., which has investigated the group in depth.

He described the hacking group, which Mandiant first came across in May 2022, as “one of the most prevalent and aggressive threat actors impacting organizations in the United States today.”

Members of Scattered Spider are based in the US and UK, some as young as 19 years old, according to four cybersecurity researchers familiar with the group.

One of the group had a “mid-Atlantic” accent, according to Meyers, who listened into one of the first calls one of the hackers made to try to steal passwords, which was automatically recorded by the victim.

The hackers are renowned for calling or texting IT help desk workers and impersonating employees to trick them into sharing credentials.

This has included cloud computing accounts like Microsoft Azure and hypervisor tools such as AnyDesk and FleetDeck – which allow information technology employees to take over a computer remotely when someone has a technical problem, according to Meyers.

To stay undetected, the hackers use a virtual private network that makes it appear as if they are based in the same area as the victim account holder, so logging in won’t raise alarm bells with the IT team.

Mandiant, a cybersecurity company owned by Alphabet Inc.’s Google, released more details Thursday about the group, which they refer to as UNC3944.

In one incident that Mandiant’s ransomware experts dealt with, the gang took over a Human Resources department worker’s Microsoft Teams video-conferencing software to contact their colleagues and lead them to a Microsoft-themed phishing page to steal more credentials.

Mandiant said when its incident response team communicated with the hackers on behalf of its clients, they “engaged in aggressive communications with victims, such as leaving threatening notes within a text file on a system, contacting executives via text messages and emails.”

According to Mandiant and Meyers, the attackers appear to have graduated from sim-swapping circles, in which a hacker bribes or convinces a telecommunications employee to port a victim’s number onto a new phone so the hacker can bypass two-factor authentication to gain access to software such as Gmail and Microsoft Outlook, as well as cryptocurrency and personal bank accounts.

Reached via the social media app Telegram, a person who identified as a member of Scattered Spider said the group numbers fewer than 10 people, mostly friends, and has been involved in hacking since they were 11 years old.

The person said the group picks targets carefully, focusing on companies valued from $15 billion to $45 billion, and that they don’t attack hospitals, oil refineries and power plants. The group’s motive is to get rich quickly and get away with it, the person said.

Bloomberg News couldn’t independently verify the person’s identity or affiliation with the hacking group. However, three cybersecurity experts assessed that the Telegram user was linked to the hacking group.

Scattered Spider has previously deployed a type of ransomware known as ALPHV to extort victims, according to Carmakal. Ransomware is a type of malware that locks up a victim’s files, and the hackers then demand payment to unlock them.

ALPHV is also the name of a hacking group that developed the ransomware, which it leases out to others — known as affiliates — for a fee. ALPHV was first detected in November 2021.

ALPHV uses a programming language named Rust, which helps it evade conventional cybersecurity detection measures and makes it harder for incident responders to reverse engineer the attackers’ malware code, according to Microsoft Threat Intelligence.

The FBI said in April 2022 that ALPHV ransomware had been used in at least 60 attacks worldwide.

ALPHV is likely Russia-based, said Brett Callow, a threat analyst at the cybersecurity company Emsisoft. He is among experts who believe the group evolved from earlier Russian hacking outfits that disbanded following a spate of high-profile ransomware attacks, including the 2021 ransomware attack on Colonial Pipeline Co.

In a statement posted on the group’s dark web page on Thursday, ALPHV said that it deployed ransomware on MGM servers after representatives from the company didn’t respond to its ransom request.

The group deployed ransomware on Sept. 11, the statement said, adding that they still have access to some of MGM’s infrastructure. Claims that teenagers from the US and UK broke into MGM were just rumors, according to the statement.

A MGM spokesperson didn’t immediately respond to a request for comment on ALPHV’s claims.

Alex Waintraub, an incident responder at the cybersecurity company Cygnvs Inc. said he has directly negotiated about 25 times with ALPHV since 2021 on behalf of hacked companies that call in cyber insurance to help.

The group’s ransom demands are all over the map, he said. “There is no pattern,” Waintraub said, adding that he has been able to talk down ransom demands by 70%.

The exact nature of the relationship between Scattered Spider and ALPHV isn’t known.

However, the representative of Scattered Spider said the groups have worked together multiple times and that Scattered Spider was grateful for ALPHV’s help in attacks on some companies.

The person boasted that Scattered Spider and ALPHV were just getting started.

The Cyberattack That Sent Las Vegas Back In Time

The security issue left MGM Resorts hotels on the Strip with an oddly analog vibe.

LAS VEGAS—The bellman at the Bellagio Resort & Casino was frank with the couple in line to check their bags early Wednesday morning.

“Just to let you know,” he said, “everything’s a mess right now.”

The full fallout from a cyberattack at MGM Resorts this week remains unknown, though it has frustrated travelers at every turn. Snaking check-in lines have been the norm, show and restaurant reservations have been upside-down and some slot machines have been dark.

MGM dominates a chunk of the Las Vegas Strip with a dozen hotels from Mandalay Bay to Bellagio.

For a place that promotes digital everything, from mobile room keys to slot machine vouchers, it’s been back to basics. Call it Bizarro Old Vegas.

All Hands On Deck

On a sweep through half a dozen MGM casino hotels, I saw employees armed with clipboards and pens everywhere. It was the strangest sight I’ve seen since MGM installed those handwashing stations on the casino floor when Las Vegas casinos reopened in June 2020 after the pandemic closure.

At Aria Resort & Casino, a crown jewel in the chain, concierges were pressed into service to help manually check out travelers. They wrote down guests’ names and emails on white slips of paper so they could send a receipt.

Behind the front desk, tables were filled with binders of master keys in case the system went down again and guests couldn’t get into their rooms.

At the luxe Bellagio, home to the famous fountain show, the reservations desk for the Cirque du Soleil show “O” told visitors who wanted tickets they needed cash or could book through Ticketmaster. Buffet workers wrote out credit-card numbers.

All parking was temporarily free.

Getting cash was a problem, with ATMs not working at many of the casino hotels. A sign on two ATMs at MGM Grand said no cash advances were available. MGM didn’t respond to requests for comment.

For visitors, it was an extended exercise in patience.

Tim Dorweiler, a parts and service director for a Dallas-area auto dealership, was in town for meetings at Mandalay Bay Resort and Casino.

He and his fiancée, Carrie Tremble, say they waited more than six hours for their room to be ready when they arrived Tuesday.

They canceled the reservation and fled to Planet Hollywood Resort & Casino, part of MGM rival Caesars Entertainment, which dealt with its own cyberattack late this summer.

It was the best option, he said, with some hotels charging rates as high as $1,300 a night. (MGM Resorts
is offering free cancellations through Sept. 17.)

This is the couple’s second visit to Las Vegas this month. A birthday trip over Labor Day was also a mess, with storms causing a 13-hour flight delay.

“We’re just doomed to not have good luck here in Vegas,” he says.

Delayed Gratification

Slot machine players at all the casinos had to play a waiting game. The machines couldn’t spit out the vouchers players receive when they hit the cash-out button. So attendants scurried around manually paying the balance, a practice typically employed when someone wins a jackpot.

One Bellagio slot attendant said she had delivered as little as one penny. As of Wednesday afternoon, some of the bigger casinos in the chain still had several slot machines out of order.

Shari MacDonald and her sister-in-law arrived at Bellagio on Monday from Peterborough, Ontario. On the agenda, she says: “Slots. Slots. Slots. And a side of shows.”

MacDonald is bummed she can’t access the casino freeplay she gets from her loyalty status and can’t cash in comps for free tickets to comedian Carrot Top at Luxor and other shows they wanted to see. She’s not mad, though.

“I’m being very patient and tolerant, because I can’t imagine how they’re feeling losing millions a day,” she says.

On Wednesday, Bellagio tried to lessen the sting by setting up a free coffee stand near guest elevators, with almond milk and Irish cream and hazelnut creamers.

At check-in, they served sparkling wine to lessen the lobby shock. Employees at Bellagio, Excalibur and other hotels also offered free water.

Judy Bender and David Cook, visiting from Michigan, weren’t pleased to find a two-hour line to check in at Luxor on Tuesday evening. They did appreciate the free wine and beer while they waited.

They took their small gambling budget to non-MGM casinos, after Cook waited more than an hour for an attendant to cash him out of the Triple Double Diamond slot machine.

The couple plans to return to Las Vegas next week after a swing through Arizona. They are booked at New York-New York, another MGM property. For now.

“Our fingers are crossed,” Bender says.

Stephanie Bayer was blissfully unaware of MGM’s computer issues when she plopped down at a Wizard of Oz slot machine at Bellagio Wednesday morning to kill time before her friend’s flight arrived for a girl’s spa-and-show weekend.

The Cleveland-area healthcare administrator says she just figured some slot machines were inoperable because it was early.

When she tried to cash out of her first machine, the employee who paid her out also delivered a voucher for food and drinks as a token of apology.

(I saw this happen a few times on Wednesday and was even handed one at Park MGM when I talked to a visitor about her woes.)

“And they say the house always wins!” Bayer says.

Updated: 9-15-2023

MGM Resorts Hackers Broke In After Tricking IT Service Desk

* Okta Warned About Hackers Using Similar Techniques In August

* Group Suspected Of Attack Is Well Known For Social Engineering

The online attack that disrupted MGM Resorts International resorts and casinos across the country began with a social engineering breach of the company’s information technology help desk, according to a cybersecurity executive familiar with the investigation.

David Bradbury, chief security officer at the identity and access management company Okta, said his company issued a threat advisory in August about similar attacks against some of its customers, in which hackers used a low-tech social engineering tactics to gain entry and then more advanced methods that allow them to impersonate users on the networks.

Okta’s advisory warned that hackers were tricking IT service desk staff into resetting multifactor authentication settings enrolled by “highly privileged users.”

At that time, Bradbury said his staff wasn’t sure who was behind the attacks. But in the weeks since then, he said “all signs are pointing” to a group known as Scattered Spider, the same outfit suspected of hacking MGM and Caesars Entertainment Inc. in recent weeks.

Okta has been assisting MGM, a customer, in its response to the attack, he said. Okta also counts Caesars as a client.

Brian Ahern, spokesperson for MGM resorts, declined to comment about specifics of the attack. Ahern said the company has been working with FBI and the US Cybersecurity and Infrastructure Security Agency since the breach, he said.

The FBI said in a statement provided to Bloomberg News that it is investigating both the Caesars and MGM incidents.

A former MGM employee who was familiar with the company’s cybersecurity policies pointed to the help desk as vulnerable to attack.

The person said that to obtain a password reset, employees would only have to disclose basic information about themselves – their name, employee identification number and date of birth – details that would be trivial to obtain for a criminal hacking gang.

The employee, who requested anonymity to discuss sensitive matters, said details were too easy to obtain and were the root cause of what “caught MGM up here.”

Ahern declined to comment on the former employee’s allegations.

Caesars said in a regulatory filing

that it identified suspicious activity in its network “resulting from a social engineering attack on an outsourced IT support vendor used by the company.”

The attack on Caesars occurred in recent weeks, and the hackers broke into the company’s systems and threatened to release data, according to two people familiar with the matter.

Caesars paid the attackers tens of millions of dollars, the people said. “We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said in the filing.

Scattered Spider, also known as UNC3944, are known for its social engineering skills. Members of the group are based in the US and UK and some are as young as 19 years old, according to four cybersecurity experts familiar with the group.

They also sometimes work with a ransomware gang known as ALPHV, which is believed to be Russia-based, according to cybersecurity experts.

In a statement posted on the group’s dark web page on Thursday, ALPHV claimed credit for the attack and called reporting that teenagers from the US and UK were involved in the breach rumors.

The group also said MGM’s attempts to evict them from Okta system didn’t go according to its plans.

Bradbury, from Okta, said he wanted to get the word out about the hackers and their techniques so customers can bolster their cyber defenses.

He described the hackers as highly skilled in identity technology, “so we can expect that they will make more and more attacks going forward.”

Lina Khan Got Stuck In The Fallout Of The MGM Hack At Las Vegas

* The FTC Chair Was Among The Thousands Staying At MGM Hotels

* A Hack Over The Weekend Forced MGM To Take Down Systems

Among the hotel patrons snarled in the fallout of MGM Resorts International’s cyberattack was — unfortunately for the company — one very high-profile figure: Lina Khan, the chair of the US Federal Trade Commission.

On Tuesday night, she was among the 45 people waiting to check in at the MGM Grand along the Las Vegas strip as staff worked to manually fulfill everyone’s reservation, according to people familiar with the matter.

When Khan and her staff got to the front of the line, an employee at the desk asked them to write down their credit card information on a piece of paper.

As the leader of the federal agency that, among other things, ensures companies protect consumer data wrote down her details, Khan asked the worker:

How exactly was MGM managing the data security around this situation? The desk agent shrugged and said he didn’t know, according to a senior aide who was traveling with Khan and described the experience to Bloomberg as surreal.

Khan was among the thousands of MGM hotel patrons inconvenienced in the aftermath of the hack, which was said to be orchestrated by a group of hackers known as Scattered Spider.

Days after the incident, many of the company’s websites — including its reservation system — were still displaying error messages, some slot machines at its casinos across the country are still out of service and employees were handling processes manually.

FTC spokesperson Douglas Farrar confirmed on Friday that Khan was in Las Vegas to attend listening sessions on the proposed $24.6 billion merger of the grocery-story giants Kroger Co. and Albertsons Cos.

He declined to say whether the agency would investigate MGM’s data security practices.

Khan and the senior aide, who booked their reservations through a third-party site because MGM’s systems were down, didn’t receive a receipt, according to the aide. And on the way to their rooms, they bumped into some other guests who shared good news:

The digital key cards to their room worked. The bad news, they said: They walked into the room and found strangers were already staying in it.

MGM Resorts didn’t immediately respond to a request for comment. The company had already previously been the victim of a July 2019 data breach that exposed the personal information of as many as 10.6 million customers.

For what it’s worth: Khan was not the only high-profile figure caught in the fray this week. Comedians Amy Poehler and Maya Rudolph posted a video on social media of themselves dancing subtitled, “When you’re in Vegas with your bestie during a cyberhack.”

Bitcoin Information & Resources (#GotBitcoin)

Electric Eels Lead To Discovery of Batteries And Can Operate Nervous Systems of Prey From A Distance

When The Homeowners Association Comes For Your Home

California Opens Privacy Probe Into Who Controls, Shares The Data Your Car Is Collecting

The Middle East Becomes The World’s ATM

Ultimate Resource Covering The Private Equity And Credit Industry

Mobile Phones From Apple, Google And Samsung, etc. Send Your Private Information To “Fake” Cell Phone Towers

Petition: Replace US Police Departments With Private Sector Companies (#GotBitcoin)

Federal Reserve’s Wire & ACH Systems Go Down, Visa & Mastercard Raise Fees, Meanwhile, Bitcoin Works Just Fine

Mastercard Fined $18.6 Billion In Class Action Court Ruling For Over-charging U.K. Citizens #GotBitcoin

Oprah And The Rock Collect Bitcoin Donations For Maui Wildfire Victims

A Missouri School District Is Bringing Back Paddling To Punish Students