What to Learn from the MGM Resorts Cyberattack

by Staff Writer

What is MGM?

MGM Resorts International is known for its iconic casinos and resorts like the Bellagio and MGM Grand. The MGM Resorts hack is a significant cyberattack that shook the company to its core. The breach compromised personal information, including names, addresses, phone numbers, and even passport details, of millions of guests. At the heart of this incident was a vishing scam, highlighting how even the most secure organizations are not immune to one universal system vulnerability: human error.

Who Owns MGM Resorts?

MGM Resorts is a publicly traded company with many shareholders.

  • IAC owns 18.45%
  • The Vanguard Group owns 9.49%
  • T. Rowe Price Investment Management owns 4.692%
  • Corvex Management owns 1.83%
  • Geode Capital Management owns 1.69%

For more information, the remaining shareholders can be found here.


2023 MGM Resorts Cyberattack

“Vishing” means gaining access to systems through a convincing phone call, whereas phishing is done through an email. Vishing requires fewer resources but more manipulation. A 2022 IBM report found that targeted phishing attacks that included phone calls were three times more effective than those that didn’t. In this case, the hackers found on LinkedIn an employee who had the security clearance they wanted, then impersonated that employee in a call to MGM’s IT Help Desk and asked for a password reset, which they used to infiltrate and infect the system.

So how was MGM supposed to verify the identity of the person over the phone and prevent the MGM hack? Forgetting your password is incredibly common, and being unable to access your work because of password issues is frustrating and unproductive. If the help desk is to truly help the employees of the company, it must find a way to know with certainty that the person on the line is who they say they are, without being overly suspicious or invasive.

How Does Hogo Fit in?

Hogo steps in to protect your digital footprint and your peace of mind. Hogo is your personal online privacy defender, and we do the following:

  • Stop Data Brokers selling your personal information
  • Prevent Scams
  • Stop Spam Texts
  • Free Fraud Insurance
  • Cash Value Rewards for protecting your personal information

To learn more, click here.

Methods for Phone Verification

  1. Call back the Number on File:
     • In this process, when a user contacts a customer service representative or a support line, the representative may initiate a call back to the phone number on file. This method ensures that the person requesting assistance is indeed the account holder, as they should have access to the registered phone number.
  2. Video call:
     • Video call verification is a more advanced and secure method using video conferencing technology to visually authenticate the caller. The caller might be asked to show their identification or answer questions while being visible on camera. This approach not only confirms identity but also adds an extra layer of security by verifying the caller’s physical presence.
  3. Security Questions on File:
     • Many organizations use predefined security questions to verify the caller’s identity. These questions can range from personal information (e.g., mother’s maiden name and date of birth) to specific account-related details (e.g., recent transactions and account balances). Correctly answering these questions proves the caller’s familiarity with the account.
  4. Verbal passcode:
     • A verbal passcode is a unique code or phrase that the account holder sets up in advance with the organization. When the caller contacts the company’s support line, they must provide this passcode to verify their identity. This method ensures that only the authorized account holder possesses the secret passcode.
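
As an added illustration (not part of the original article), here is one way a help desk tool could enforce the call-back and verbal-passcode methods before a password reset. All names are hypothetical, the employee record is constructed sample data, and requiring both checks together is an assumption of this example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional, Tuple


def hash_passcode(passcode: str, salt: bytes) -> bytes:
    """Salted, slow hash so the verbal passcode is never stored in clear."""
    # Normalise case and spacing: the phrase is spoken, then typed by an agent.
    normalized = " ".join(passcode.lower().split())
    return hashlib.pbkdf2_hmac("sha256", normalized.encode(), salt, 200_000)


@dataclass
class EmployeeRecord:
    employee_id: str
    phone_on_file: str      # enrolled in advance, never taken from the caller
    passcode_salt: bytes
    passcode_hash: bytes


def enroll(employee_id: str, phone: str, passcode: str) -> EmployeeRecord:
    """Set up the verification data before any support call happens."""
    salt = os.urandom(16)
    return EmployeeRecord(employee_id, phone, salt, hash_passcode(passcode, salt))


def callback_number(record: EmployeeRecord, caller_supplied: Optional[str]) -> str:
    """Always dial the number on file; a number offered on the call is ignored."""
    return record.phone_on_file


def verify_reset_request(record: EmployeeRecord, spoken_passcode: str,
                         callback_answered: bool) -> Tuple[bool, str]:
    """Approve a reset only after the call-back AND the passcode both succeed."""
    if not callback_answered:
        return False, "callback to number on file not completed"
    candidate = hash_passcode(spoken_passcode, record.passcode_salt)
    # Constant-time comparison avoids leaking how much of the hash matched.
    if not hmac.compare_digest(candidate, record.passcode_hash):
        return False, "verbal passcode mismatch"
    return True, "verified"


if __name__ == "__main__":
    # Constructed sample data for demonstration only.
    rec = enroll("E1001", "+1-555-0100", "Blue Heron 42")
    print(callback_number(rec, "+1-555-0199"))
    print(verify_reset_request(rec, "blue heron 42", callback_answered=True))
    print(verify_reset_request(rec, "blue heron 42", callback_answered=False))
```

Neither check relies on details such as name or job title, which anyone can read from a public profile.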

Final Thoughts

Each of these identity verification processes serves a crucial role in maintaining the security and integrity of phone-based interactions with customers or users. Organizations utilize various methods, aligned with policies and required security levels, to protect and restrict access to sensitive information.

The MGM cyberattack serves as a cautionary tale for businesses worldwide. Phishing and vishing scams can cause significant financial and reputational damage to individuals and organizations. Understanding cybercriminal tactics and implementing strong security measures safeguards organizations and customer data from breaches. Cybersecurity is not just an IT issue; it’s a business imperative in the digital age.

by Staff Writer Oct 03, 2023

© 2024 ConsumerDirect®
