The cybersecurity system break-ins this month of casino giants MGM Resorts International and Caesars Entertainment shatter a public perception that casino security requires an “Oceans 11”-level effort to defeat it.
Hackers (Alphv / BlackCat) reached out multiple times.
Over the weekend, MGM decided to shut down their service that syncs accounts globally when they realized the hackers were sniffing passwords. But the hackers had admin access already
In the MGM victim chat, a random person kept showing up but no responses. The hackers could not verify if they belonged to MGM.
To reveal that the hackers had exfiltrated data, they created a data link that was password protected by combining two senior exec’s password.
The hackers are uncertain if the data has PII.
The hackers plan to disclose the data to Troy Hunt of HaveIBeenPwned.com
The hackers rant about MGM’s mistreatment, VX Underground reporting false reports, and the news grouping various hackers into one single entity, as well as false claiming the hacking group claimed responsibility before the attack took place.
Tech Crunch did not contact the hacker and the hackers make a request to verify their sources better.
Here’s one with line breaks: https://www.reddit.com/r/cybersecurity/comments/16iubsc/alphv_blackcat_just_released_an_annoucement_about/
the tl;dr:
That is very nice of you, thanks.