MGM Resorts subject of a cybersecurity incident

News Hound

Casinomeister News
Staff member
CAG
MM
Joined
Feb 15, 2019
Their tweet they posted yesterday afternoon did not allude to one particular site or indeed all sites.

Screenshot 2023-09-12 at 22.07.38.webp
 
We’re in Vegas at the moment, apparently it’s affecting all MGM properties worldwide. Slots are off and people struggling to check in etc!

Local rumour says Caesars also got hacked but they paid the ransom! Who knows.
 
Crikey Mark, I take it you are not staying there?? I hate queues at the best of time, but if that was the queue to check in at a hotel I had booked, I think I would find another!

Although I do like the arrangement of glass flowers? on the ceiling directly above the check in desk, dentists take note!
 
Crikey Mark, I take it you are not staying there?? I hate queues at the best of time, but if that was the queue to check in at a hotel I had booked, I think I would find another!

Although I do like the arrangement of glass flowers? on the ceiling directly above the check in desk, dentists take note!
We were in Caesars so not affected thankfully. No surprises that our hotel got pretty busy on the back of it, they must be losing a fortune!
 
Ontario still up and live, Have not logged in or tried to spin though but everything looks normal here.

It was this exact day/week I was in Vegas years ago and that line almost looked like the line at our hotel, so kinda happy on staying at home nowadays,lol
 
Local rumour says Caesars also got hacked but they paid the ransom! Who knows.
Yes, I've also heard this from someone in Vegas - very interesting if so! The hacker group I believe, who've claimed responsibility, are from Russia last time I checked.
 
Looks pretty bad doesn't it? They'll probably try to recoup their losses by jacking prices up even higher and having 1/1 Blackjack and quintuple-zero roulette...

Don't they have self-service check-in terminals at the Bellagio?
Just from what I've seen personally, mainly first-hand accounts on Twitter, it does look like they're hiding a lot of what's been going on, saying everything is fine when it's not, etc. And I think the next worry is what information has been compromised! Quintuple-zero Roulette though, don't give them any ideas...
 
According to Sky News as at 11:26am KT ( King Time ) this morning, the MGM Resorts Group is still enduring this attack, which does sound like a ransomware attack.

@Mark_Lottomart any further news from the ground on this for us?

From the Sky News article, which you can read here:
You do not have permission to view link Log in or register now.


"Hotel booking systems and casino slot machines at one of America's biggest hospitality firms remain paralysed three days after it first acknowledged a significant cyberattack.

MGM Resorts has seen its share price decline by more than 6% and the incident is being investigated by the FBI."

Additionally other casinos and casino groups have been warned by authorities to be extra vigilant.
 
Last edited:
Whilst the MGM website now seems operable since late last night KT ( King Time ), there is still news filtering out about how deep this attack is and whether it is still ongoing. One report I have seen is a statement from the people responsible for the attack, but I am looking to find additional sources to verify its authenticity.

It does state though that they gained access to MGM's exsi hypervisor. It also alludes to the fact that they utilise Microsoft Azure cloud hosting solution.

I am aware of an issue with VMWare and exsi, whereby a known exploit was identified several months ago with VMWare offering a patch. This exploit, could allow someone to inject ransomware. Further info on this:
You do not have permission to view link Log in or register now.
.

So it could possibly be the MGM's IT team didn't apply the security update. If however, I find out more including whether the statement from the people behind the attack that I have seen is authentic, I will post in this thread.
 
Ok some more on this, Reuters is reporting the following:

The Scattered Spider hacking group said on Thursday it took six terabytes of data from the systems of multi-billion-dollar casino operators MGM Resorts International
You do not have permission to view link Log in or register now.
and Caesars Entertainment
You do not have permission to view link Log in or register now.
as both companies probed the breaches.

Speaking to Reuters via the messaging platform Telegram, a representative for the group said it did not plan to make the data public, and declined to comment on whether it had asked the companies for ransom. "If MGM wish to release that information they will. We do not do that," the person said.

Additionally I have been given this below, however, have yet to see an independent source linking to this statement, so as of yet, not sure if indeed it is authentic:

1694736189655.webp
 
What a mess! Just goes to show how much trust we put into massive corporations like MGM etc. not to get exploited. If it's online, it can get hacked at some point either through small ransomware groups - or beligerant governments like Russia, N.K.,or Iran. Just image how many lives would be turned upside-down and businesses destroyed with Google being hacked. Most everyone is using the "cloud" (which is technically someone else's computer) or free email accounts (if it's free - you are the product).

Blind faith and trust - and there is no getting around it unless you are willing to go off the grid.
 
15 million paid! Yes, that'll stop them.

I have a solution for this. How about making a mechanical slot machine with actual reel sets that are not powered by a computer chip?

Revolutionary, I know.

They could even get rid of the electronic spin button with, I dunno, a long metal arm with a ball on the end or something.
 
15 million paid! Yes, that'll stop them.

I have a solution for this. How about making a mechanical slot machine with actual reel sets that are not powered by a computer chip?

Revolutionary, I know.

They could even get rid of the electronic spin button with, I dunno, a long metal arm with a ball on the end or something.
I can imagine the size of these machines to hold the millions of cash to pay out!
 
I can imagine the size of these machines to hold the millions of cash to pay out!
Oh, that is a stumbling block.

How about keeping the cash in a secure safe somewhere? That way, when somebody wins, I dunno, let's say a $Million Jackpot, the casino staff can get the cash from the safe.

I would be inclined to use a safe that is not connected to the internet though, with real money, and not digital cash - progressive, eh?

How about a safe designed with mechanical gears only? Yes, that'll work.
 
I would be inclined to use a safe that is not connected to the internet though, with real money, and not digital cash - progressive, eh?
A real money progressive that isn't tracked digitally? That'll take some work... (sorry ?)

One of the problems of 24/7 news is they'll jump on any updates, and often skip the necessary steps to validate the authenticity to be first to air. The Financial Times talking about 'spitting out money from slot machines' is a curious one given most machines are TITO (ticket in, ticket out) and any cash goes to the bottom which is secured by physical locks - so the only mechanic there would be spitting out tickets and that seems like an awful lot of work for a cheap publicity stunt. It might be possible for ticket redemption machines or ATMs, but again it's pocket change compared to what they're demanding.

I might give them a bit more leeway if the story sounded credible, but it doesn't!
 
A real money progressive that isn't tracked digitally? That'll take some work... (sorry ?)

One of the problems of 24/7 news is they'll jump on any updates, and often skip the necessary steps to validate the authenticity to be first to air. The Financial Times talking about 'spitting out money from slot machines' is a curious one given most machines are TITO (ticket in, ticket out) and any cash goes to the bottom which is secured by physical locks - so the only mechanic there would be spitting out tickets and that seems like an awful lot of work for a cheap publicity stunt. It might be possible for ticket redemption machines or ATMs, but again it's pocket change compared to what they're demanding.

I might give them a bit more leeway if the story sounded credible, but it doesn't!
Easy to overcome if you make the Jackpot payout at a certain level, like the Hot Mode used in these software versions.

When the mechanical safe is near-full, the croupiers walk the floor handing out a raffle ticket to each punter. Then, you get a machine that is full of numbered balls, a mechanical device, which spits out one ball. The winner of the progressive jackpot is the bettor with the matching ticket.

There you have it - an unhackable, efficient and effective way to offer a progressive jackpot, without running the risk of being hacked because it is tech-free.
 
Why stop there?

Why not just convert MGM into barns, where prizes are guarded by Templars? Punters would walk in to the establishment bringing their gambling funds, such as, I dunno, chamber pots, bale, livestock etc

Maybe even spindles, if feeling particularly flush!

Jackpots would comprise of marrying one of the king's daughters, which could be traded for an alternative prize if unable to collect, say, a washtub or fancy hat?

That'll teach those f***ing hackers wouldn't it!
 

Users who are viewing this thread

Meister Ratings

Back
Top