Security News > 2020 > February > MGM Hotel breach highlights need for sophisticated cloud security
On Wednesday, cybercriminals posted the information of more than 10 million MGM Hotel customers on a hacker forum, exposing their personal data to thousands of criminals nearly a year after the initial breach.
In a statement to ZDNet, an MGM spokesperson said: "Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter." The hackers dumped the personal details-which include full names, home addresses, phone numbers, emails and dates of birth-for 10,683,188 former hotel guests, including Justin Beiber and Twitter CEO Jack Dorsey.
John Shier, Senior security adviser for Sophos, said the MGM breach was relatively small by modern standards and did not include particularly fresh information but it was a good example of the long-tail value of stolen personal data.
While it is still unclear how cybercriminals managed to get into the company's cloud server, the situation highlighted the need for better cloud security as many enterprises migrate services and data to cloud platforms.
"People are migrating to the cloud and they need to have better controls there, better visibility, and that's another space that enterprises need to focus on because attackers are not just attacking your enterprise. They're looking at the cloud for where you may have configured things wrongly so they can steal things from there." Gad Bornstein, security evangelist with PerimeterX, said the hackers probably exploited data stored in cloud servers that didn't have the highest level of protection and managed to siphon off millions of records.
News URL
Related news
- How AI Is Changing the Cloud Security and Risk Equation (source)
- Strategies for CISOs navigating hybrid and multi-cloud security (source)
- AWS unveils cloud security IR service for a mere $7K a month (source)
- Are Long-Lived Credentials the New Achilles’ Heel for Cloud Security? (source)
- Best CSPM Tools 2024: Top Cloud Security Solutions Compared (source)
- CrowdStrike vs Wiz: Which Offers Better Cloud Security and Value? (source)
- CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01 (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Enhancing visibility for better security in multi-cloud and hybrid environments (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)