Security News > 2020 > February > MGM Hotel breach highlights need for sophisticated cloud security
On Wednesday, cybercriminals posted the information of more than 10 million MGM Hotel customers on a hacker forum, exposing their personal data to thousands of criminals nearly a year after the initial breach.
In a statement to ZDNet, an MGM spokesperson said: "Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter." The hackers dumped the personal details-which include full names, home addresses, phone numbers, emails and dates of birth-for 10,683,188 former hotel guests, including Justin Beiber and Twitter CEO Jack Dorsey.
John Shier, Senior security adviser for Sophos, said the MGM breach was relatively small by modern standards and did not include particularly fresh information but it was a good example of the long-tail value of stolen personal data.
While it is still unclear how cybercriminals managed to get into the company's cloud server, the situation highlighted the need for better cloud security as many enterprises migrate services and data to cloud platforms.
"People are migrating to the cloud and they need to have better controls there, better visibility, and that's another space that enterprises need to focus on because attackers are not just attacking your enterprise. They're looking at the cloud for where you may have configured things wrongly so they can steal things from there." Gad Bornstein, security evangelist with PerimeterX, said the hackers probably exploited data stored in cloud servers that didn't have the highest level of protection and managed to siphon off millions of records.
News URL
Related news
- Harnessing the Power of CTEM for Cloud Security (source)
- Google Cloud/Cloud Security Alliance Report: IT and Security Pros Are ‘Cautiously Optimistic’ About AI (source)
- Exposing the top cloud security threats (source)
- The first steps of establishing your cloud security strategy (source)
- eBook: Cloud security skills (source)
- Building a strong cloud security posture (source)
- The Fundamentals of Cloud Security Stress Testing (source)
- 7 Best Cloud Security Posture Management (CSPM) Tools for 2024 (source)
- Cloud security incidents make organizations turn to AI-powered prevention (source)
- 51% of enterprises experienced a breach despite large security stacks (source)