
The MGM Grand Cyber Attack: A Social Engineering Heist
A single phone call was all it took to bring MGM Resorts to its knees. In one of the most widely discussed social engineering attacks in recent years, criminals talked their way past the company's defenses, crippled hotel and casino operations, and exposed sensitive guest data. With a reported $50 million ransom demand, the breach had far-reaching consequences, affecting everything from check-ins to the records of high-profile guests.
In this article, Chris Howells, a social engineering expert, breaks down how the attack unfolded and the uncomfortable reality of how easily human trust can be exploited. Who was behind it? And, most importantly, what lessons can we learn to protect ourselves?
The Heist: How Social Engineering Brought Down a Giant
The attack on MGM Resorts, the parent company of the MGM Grand, took place in September 2023; the company publicly disclosed a "cybersecurity issue" on September 11, 2023. It is considered one of the largest breaches to begin with social engineering. The attackers reportedly gained their initial foothold through a roughly 10-minute phone call to the company's IT help desk, a stark demonstration of how easily human psychology can be manipulated.
Two groups claimed responsibility: the ALPHV/BlackCat ransomware operation and Scattered Spider, a group that specializes in social engineering and acted as an affiliate. The call itself would have been preceded by reconnaissance, such as identifying an employee to impersonate, but the core of the attack resembled a high-tech version of Ocean's 11: a carefully planned heist executed with precision.
The Ransom: A $50 Million Demand
The attackers demanded $50 million. MGM refused to pay, and has publicly stated that it did not; within cybersecurity circles it is nonetheless rumored that the company ultimately paid almost double to resolve the crisis. What is on the record is MGM's own estimate of roughly $100 million in lost revenue and remediation costs for the quarter. Either way, paying a ransom is no guarantee that the attackers are completely out of the systems: payment buys a promise, not proof of eviction.
The Fallout: A Hospitality Nightmare
The cyber attack wreaked havoc across MGM Resorts properties, affecting multiple services:
- Hotel operations crippled: guests were locked out of their rooms or unable to check in, and staff fell back to manual processes.
- Casino disruptions: slot machines and other gaming systems went offline at a number of properties, though the full extent was unclear at the time.
- Flight services impacted: MGM operates its own flight services for guests, and these were affected too.
- Elevator failures: a serious safety risk for guests.
The first 24 hours were dedicated to restoring essential functions. But beyond the operational damage, a deeper concern loomed—data security.
The Real Risk: Your Personal Data
When you book a stay at MGM Grand, you provide key personal details: your name, phone number, email, and credit card information. Now imagine hackers gaining access to:
- Your email and financial details
- Your spending habits during your stay
- Your VIP status and room preferences
- Your flight and travel plans
For high-profile guests, this data is invaluable to criminals. A regular guest who books the penthouse suite is an obvious target to single out for follow-on fraud or tailored phishing. This breach did not just affect MGM; it put thousands of people at risk of identity theft, fraud, and further attacks.
The Ripple Effect: Employees and Healthcare at Risk
It wasn't just guest data that was exposed. MGM's employee payroll records, home addresses, and health insurance details were also at risk. In the U.S., stolen healthcare data commands a premium on criminal markets: medical records typically sell for more than payment card numbers because they enable insurance fraud and identity theft that is hard to detect and slow to undo.
Why Do Companies Pay Ransoms?
Another casino operator, Caesars Entertainment, was hit around the same time as MGM and reportedly paid the attackers roughly $15 million within days. Why? Because paying often provides a sense of closure. Many attackers promise to leave once paid, some even handing over a report of how they got in, as if selling security consulting after robbing the place. That promise is worth exactly as much as the criminals' word: there is no way to verify that stolen data was deleted or that every backdoor was removed.
The Role of Social Media in Cyber Attacks
So how did the attackers target MGM in the first place? The answer is LinkedIn. By the group's own account, they found an MGM employee on LinkedIn, then called the IT help desk posing as that person.
Social media provides an open door for cybercriminals to gather information on employees, their roles, and their company's structure. Many people assume LinkedIn is a safe, business-only platform, but in reality it is a goldmine for anyone building a pretext: a name, a job title, a photo, and a list of colleagues are most of what a convincing impersonation requires.
Lessons Learned: How to Protect Yourself
- Be mindful of social engineering attacks. A single phone call to the right person can lead to a major breach.
- Limit the information you share online. Cybercriminals assemble their pretexts from details posted on LinkedIn and other platforms.
- Verify urgent requests through a second channel. If someone demands payment, a password reset, or access by phone or email, call them back on a number you already have on record, never one they supplied.
- Use multi-factor authentication (MFA), and protect the reset path. Never rely solely on passwords; prefer phishing-resistant factors, and make sure the help desk cannot reset a password or MFA factor on the strength of a phone call alone.
- Educate employees, including help-desk staff, on cybersecurity. Awareness is your best defense.
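The attack began with a help-desk call, so the control that matters most is what happens right after a reset. The following detection logic is an added example and not code from the original article or from MGM: it scans a constructed sample of identity-provider audit events (the event types, field names and baselines below are assumptions invented for this illustration, not any vendor's real log format) and raises an alert whenever a help-desk password or MFA reset is followed within an hour by a login from a device or country the account has never used, ranking resets requested over the phone higher because that is the vishing pattern.

```python
from datetime import datetime, timedelta

# Constructed sample of identity-provider audit events in a generic shape.
# These are illustrative records, not real MGM, Okta or vendor log data.
SAMPLE_EVENTS = [
    # Legitimate case: walk-up password reset, then login from the user's usual laptop.
    {"ts": "2023-09-09T09:30:00Z", "type": "helpdesk.password_reset", "user": "a.smith",
     "actor": "helpdesk-agent-2", "channel": "walkup"},
    {"ts": "2023-09-09T09:45:00Z", "type": "auth.login", "user": "a.smith",
     "ip_country": "US", "device_id": "dev-laptop-01"},
    # Suspicious case: MFA reset requested over the phone, then a login minutes later
    # from a device and country never seen for that account.
    {"ts": "2023-09-10T02:14:00Z", "type": "helpdesk.mfa_reset", "user": "j.doe",
     "actor": "helpdesk-agent-7", "channel": "phone"},
    {"ts": "2023-09-10T02:21:00Z", "type": "auth.login", "user": "j.doe",
     "ip_country": "RU", "device_id": "dev-unknown-9f3"},
    # Unrelated login well outside any reset window.
    {"ts": "2023-09-10T08:00:00Z", "type": "auth.login", "user": "a.smith",
     "ip_country": "US", "device_id": "dev-laptop-01"},
]

# Per-account baseline of previously seen devices and countries (also constructed).
KNOWN_DEVICES = {"a.smith": {"dev-laptop-01"}, "j.doe": {"dev-laptop-jd"}}
KNOWN_COUNTRIES = {"a.smith": {"US"}, "j.doe": {"US"}}


def _parse_ts(ts: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def detect_reset_then_new_login(events, known_devices, known_countries,
                                window=timedelta(minutes=60)):
    """Return one alert per help-desk credential/MFA reset that is followed,
    within `window`, by a login from an unseen device or country."""
    ordered = sorted(events, key=lambda e: _parse_ts(e["ts"]))
    alerts = []
    for i, ev in enumerate(ordered):
        if not ev["type"].startswith("helpdesk."):
            continue
        reset_time = _parse_ts(ev["ts"])
        for later in ordered[i + 1:]:
            if later["user"] != ev["user"] or later["type"] != "auth.login":
                continue
            login_time = _parse_ts(later["ts"])
            if login_time - reset_time > window:
                break  # events are sorted, so nothing later can fall in the window
            reasons = []
            if later.get("device_id") not in known_devices.get(ev["user"], set()):
                reasons.append("new_device")
            if later.get("ip_country") not in known_countries.get(ev["user"], set()):
                reasons.append("new_country")
            if reasons:
                alerts.append({
                    "user": ev["user"],
                    "reset_type": ev["type"],
                    "reset_channel": ev.get("channel"),
                    "reset_actor": ev.get("actor"),
                    "minutes_to_login": int((login_time - reset_time).total_seconds() // 60),
                    "reasons": reasons,
                    # A reset granted over the phone is the vishing pattern, so rank it higher.
                    "severity": "high" if ev.get("channel") == "phone" else "medium",
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_reset_then_new_login(SAMPLE_EVENTS, KNOWN_DEVICES, KNOWN_COUNTRIES):
        print(alert)
```

On the sample above, the walk-up reset for a.smith produces nothing because the follow-up login comes from a known device in a known country, while the phone-requested MFA reset for j.doe fires a high-severity alert seven minutes later for both a new device and a new country. In a real deployment the baseline would be built from the account's login history rather than a hard-coded dictionary, and the alert would name the help-desk agent so the reset can be reviewed.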
The Bigger Conversation: Social Media’s Role in Security
This breach opens a broader discussion on how social media affects security. Should professionals rethink what they share online? Are there safer ways to manage public business profiles? In our next discussion, we will explore how different age groups interact with social media, and why it may be safer for some than for others.
Until then, stay vigilant and take proactive steps to secure your online presence.




