The MGM Hack Explained: What Went Wrong & How to Stay Safe

Imagine checking into a luxury hotel on the Vegas Strip—you’re excited, maybe heading to the casino floor or a show later. However, instead of a smooth check-in, you’re informed that the system is down. No room keys. No digital check-ins. Slot machines? Offline. ATMs? Frozen. Employees are scrambling with clipboards and handwritten notes, as if it were the 1980s. That’s not just bad luck; it’s what happened when MGM Resorts got hit by a major cyberattack.

The MGM hack, as it’s now widely known, wasn’t some complicated code-breaking Hollywood-style breach. It started with something surprisingly simple—and human. A phone call. A clever scam. And just like that, one of the biggest hotel and casino chains in the world was brought to its knees for days.

If it can happen to them, it can happen to anyone. That’s why today, we’re diving deep into what happened, how it all unfolded, and most importantly, what lessons we can all take away from it—whether you’re an individual trying to stay secure or a business leader trying to protect your company. Stick around, because this story is both wild and full of insights.

What Is the MGM Hack?

In September 2023, MGM Resorts, which owns famous hotels and casinos in Las Vegas, suffered a massive ransomware attack known as the MGM hack. Hackers phoned the company’s help line, claiming to be IT personnel, and requested a password reset or the disabling of multi-factor authentication on a top-level admin account. With that level of access, they breached the network and encrypted dozens of servers and systems, taking slot machines, room key systems, ATMs, and others offline. The mayhem continued for days.

Damages reported were astronomical—around $100 million in lost business and costs of recovery—and guest operations had to switch to an entirely manual system, with keys to rooms distributed on paper and menu orders written by hand by employees.

 Who Carried It Out?

While MGM didn’t explicitly name the attackers, security researchers tied the breach to Scattered Spider (also known as UNC3944 or Star Fraud), which is often connected to or working with the ransomware group ALPHV/BlackCat. 

These groups are known for techniques like “vishing”—calling by phone and fooling staff into granting access—and MFA fatigue, spamming approval requests until someone clicks yes. 

Why Did It Work?

It wasn’t magic—it was a mix of human error and weak security design:

• No strong caller verification: The help desk accepted easily scraped info like LinkedIn profile details to reset MFA.
• Heavy IAM permissions: Once inside, attackers gained admin rights quickly and could create new accounts across cloud environments.
• Relying on MFA alone: While MFA is important, it fails when attackers manipulate support staff into disabling it.

The Wider Fallout

MGM responded by shutting down its networks—a massive safety measure that also caused widespread service disruptions. 

Legal and regulatory consequences followed. MGM now faces class‑action lawsuits tied to both this 2023 ransomware event and a prior 2019 data breach, together affecting about 37 million customers. The company agreed to a $45 million settlement in early 2025. 

And regulators like the FTC and FBI are still investigating how MGM handled the breach—and whether it acted appropriately. MGM even sued the FTC to try to block the investigation. 

What the MGM Hack Teaches Us

Let’s spell out the key lessons:

• Social Engineering Is the Real Target

Hackers don’t just exploit software—they exploit people. In MGM’s case, a single deceptive phone call unlocked the entire network. 

• IT Support Needs Identity Verification

A service desk shouldn’t rely on public or guessable information. Good verification requires more than what you know. 

• Access Control Matters

Admin-level access or global permissions are dangerous if misused. When attackers gain super admin rights, the damage spreads quickly. 

• Organizations Must Detect Early

Stopping a hack early—before ransomware deploys—requires monitoring unusual logins, unusual admin actions, and unexpected network changes.

 How You Can Protect Against the MGM‑Type Hack

Here’s a user‑friendly checklist:

• Train the Help Desk: Teach them to challenge suspicious calls, verify caller identity, and resist pressure tactics.
• Require “something you have” authentication: Use methods like push notifications, hardware keys, or device‑based verification, not just shared passwords.
• Limit admin privileges: Use least‑privilege principles and review admin accounts regularly.
• Deploy tools for surveillance and detection: Use EDR, SIEM, or PTaaS to monitor unusual behavior.
• Have a breach response plan: If something goes wrong, you’ll want a solid playbook ready.
  

How FastestPass Is Closing the Gap on Help Desk Risk

While FastestPass isn’t a help desk tool, it is one of the smartest steps you can take to protect your digital identity—and prevent the kind of password-related weakness that played a major role in the MGM hack.

Here’s how FastestPass can make your defenses more robust:

• Strong, Unique Passwords for Each Account
  One of the most frequent methods that hackers work their way through systems is by reusing passwords they’ve discovered in earlier breaches. FastestPass assists you in creating and maintaining strong, unique passwords for each login, so even if one account is breached, the others remain secure.

• Protection Against Phishing
  FastestPass completes login credentials only on the very websites they’re for—so if you mistype a phishing link that appears to be your bank or admin dashboard, your password won’t fill in automatically, alerting you to the scam.

• Secure Sharing and Team Vaults
  In business environments, workers tend to share credentials for tools and systems. FastestPass allows teams to share credentials safely—no more passwords distributed in email or messaging apps where they get hijacked or abused.

• Encrypted Vault with 2FA
  FastestPass stores all your login credentials and has multi-factor authentication (2FA) capability to keep intruders out, even if someone manages to obtain your master password.

Note:  While no password manager can stop a social engineering attack like the MGM breach entirely, tools like FastestPass are a key part of a stronger defense strategy. It ensures your team isn’t reusing weak passwords, clicking on phishing links, or storing sensitive logins in insecure places. It’s simple, smart, and could make all the difference in today’s threat-heavy world.

Why “mgm hack” Still Matters in [year]

Even though the hack happened in 2023 and the settlement wrapped up in early 2025, of course, it still matters today:

1. It’s a warning for every business that social engineering attacks are real, deliberate, and evolving fast.
2. Companies are still facing legal and regulatory fallout from this breach, for example, the $45 million settlement tied to sensitive data exposures. 
3. Help desk social engineering is now a mainstream attack vector. Attackers are using AI voice deepfakes, MFA fatigue, and other manipulations that make old tricks new again.

The Future: Stopping These Attacks Before They Start

The MGM hack isn’t a rare one-off. It’s part of a growing pattern of help‑desk scams and social engineering attacks targeting IT support staff directly. Security pros call this the help desk an attack surface threat. 

Preventing this kind of breach requires a combination of people-based training, robust verification tools, limited access controls, and an approved incident response plan—ideally supported by the right software, such as FastestPass.

Final Thoughts

The MGM hack was a major wake-up call. It showed that even the biggest companies, with all the tech and budget in the world, can fall if they overlook basic cybersecurity principles. A single phone call, a little social engineering, and suddenly systems across an entire hotel empire were shut down. It’s a clear reminder: cyberattacks don’t always need sophisticated code. Sometimes, they just need a crack in human judgment.

So, what can we do about it? Strength of help desk procedures is one part of the solution, but locking down everyday access is just as important. And that starts with how we handle passwords.

A strong password manager like FastestPass plays a key role in building better security habits by helping individuals and teams create, store, and manage passwords securely, all in one encrypted place. It reduces the risks tied to password reuse, phishing, and poor storage habits—all of which attackers love to exploit.

In today’s digital world, staying safe starts with the basics. And with FastestPass, you’re already one step ahead.