Security News > 2020 > February > MGM Hotel breach highlights need for sophisticated cloud security
On Wednesday, cybercriminals posted the information of more than 10 million MGM Hotel customers on a hacker forum, exposing their personal data to thousands of criminals nearly a year after the initial breach.
In a statement to ZDNet, an MGM spokesperson said: "Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter." The hackers dumped the personal details-which include full names, home addresses, phone numbers, emails and dates of birth-for 10,683,188 former hotel guests, including Justin Beiber and Twitter CEO Jack Dorsey.
John Shier, Senior security adviser for Sophos, said the MGM breach was relatively small by modern standards and did not include particularly fresh information but it was a good example of the long-tail value of stolen personal data.
While it is still unclear how cybercriminals managed to get into the company's cloud server, the situation highlighted the need for better cloud security as many enterprises migrate services and data to cloud platforms.
"People are migrating to the cloud and they need to have better controls there, better visibility, and that's another space that enterprises need to focus on because attackers are not just attacking your enterprise. They're looking at the cloud for where you may have configured things wrongly so they can steal things from there." Gad Bornstein, security evangelist with PerimeterX, said the hackers probably exploited data stored in cloud servers that didn't have the highest level of protection and managed to siphon off millions of records.
News URL
Related news
- Whitepaper: Reach higher in your career with cloud security (source)
- Transforming cloud security with real-time visibility (source)
- Top 5 Cloud Security Automations for SecOps Teams (source)
- Microsoft lost some customers’ cloud security logs (source)
- How AI Is Changing the Cloud Security and Risk Equation (source)
- Strategies for CISOs navigating hybrid and multi-cloud security (source)
- Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Enhancing visibility for better security in multi-cloud and hybrid environments (source)