{"id":7044,"date":"2025-08-01T15:40:56","date_gmt":"2025-08-01T15:40:56","guid":{"rendered":"https:\/\/fastestpass.com\/blog\/?p=7044"},"modified":"2025-08-08T15:26:56","modified_gmt":"2025-08-08T15:26:56","slug":"mgm-hack","status":"publish","type":"post","link":"https:\/\/fastestpass.com\/blog\/mgm-hack\/","title":{"rendered":"The MGM Hack Explained: What Went Wrong & How to Stay Safe"},"content":{"rendered":"

\"The<\/span><\/p>\n

Imagine checking into a luxury hotel on the Vegas Strip, you’re excited, maybe heading to the casino floor or a show later. However, instead of a smooth check in, you’re informed that the system is down. No room keys. No digital check-ins. Slot machines? Offline. ATMs? Frozen. Employees are scrambling with clipboards and handwritten notes, as if it were the 1980s. That\u2019s not just bad luck, it\u2019s what happened when MGM Resorts got hit by a major cyberattack.<\/span><\/p>\n

The MGM hack, as it’s now widely known, wasn\u2019t some complicated code breaking Hollywood-style breach. It started with something surprisingly simple, and human. A phone call. A clever scam. And just like that, one of the biggest hotel and casino chains in the world was brought to its knees for days.<\/span><\/p>\n

If it can happen to them, it can happen to anyone. That\u2019s why today, we\u2019re diving deep into what happened, how it all unfolded, and most importantly, what lessons we can all take away from it, whether you’re an individual trying to stay secure or a business leader trying to protect your company. Stick around, because this story is both wild and full of insights.<\/span><\/p>\n

\n Get FastestPass <\/i><\/a>\n <\/div>\n<\/span><\/p>\n

What Is the MGM Hack?<\/b><\/h2>\n

In <\/span>September 2023<\/b>, MGM Resorts, which owns famous hotels and casinos in Las Vegas, suffered a massive ransomware attack known as the <\/span>MGM hack<\/b>. <\/span>Hackers phoned the company’s help line, claiming to be IT personnel, and requested a password reset or the disabling of multi-factor authentication on a top-level admin account. With that level of access, they breached the network and encrypted dozens of servers and systems, taking slot machines, room key systems, ATMs, and others offline. The mayhem continued for days.<\/span><\/p>\n

Damages reported were astronomical around $100 million in lost business and costs of recovery, and guest operations had to switch to an entirely manual system, with keys to rooms distributed on paper and menu orders written by hand by employees.<\/span><\/p>\n

\u00a0Who Carried It Out?<\/b><\/h2>\n

While MGM didn\u2019t explicitly name the attackers, security researchers tied the breach to <\/span>Scattered Spider<\/b> (also known as UNC3944 or Star Fraud), which is often connected to or working with the ransomware group <\/span>ALPHV\/BlackCat<\/b>.<\/span>\u00a0<\/span><\/a><\/p>\n

These groups are known for techniques like \u201cvishing\u201d, calling by phone and fooling staff into granting access\u2014and <\/span>MFA fatigue<\/b>, spamming approval requests until someone clicks yes.<\/span>\u00a0<\/span><\/a><\/p>\n

Why Did It Work?<\/b><\/h2>\n

It wasn\u2019t magic, it was a mix of human error and weak <\/span>security<\/span><\/a> design:<\/span><\/p>\n