UNITED STATES NEWS

Two Vegas casinos fell victim to cyberattacks, shattering the image of impenetrable casino security

Sep 15, 2023, 5:44 PM

An error message is displayed on a machine at MGM Grand in Las Vegas, Tuesday, Sept. 12, 2023. MGM ...

An error message is displayed on a machine at MGM Grand in Las Vegas, Tuesday, Sept. 12, 2023. MGM Resorts said a cybersecurity attack began Sunday, affecting reservations and casino floors in Las Vegas and other states. (K.M. Cannon/Las Vegas Review-Journal via AP)
Credit: ASSOCIATED PRESS

(K.M. Cannon/Las Vegas Review-Journal via AP)

LAS VEGAS (AP) — A persistent error message greeted Dulce Martinez on Monday as she tried to access her casino rewards account to book accommodations for an upcoming business trip.

That’s odd, she thought, then toggled over to Facebook to search for clues about the issue on a group for MGM Resorts International loyalty members. There, she learned that the largest casino owner in Las Vegas had fallen victim to a cybersecurity breach.

Martinez, 45, immediately checked her bank statements for the credit card linked to her loyalty account. Now she was being greeted by four new transactions she did not recognize — charges that she said increased with each transaction, from $9.99 to $46. She canceled the credit card.

Unsettled by the thought of what other information the hackers may have stolen, Martinez, a publicist from Los Angeles, said she signed up for a credit report monitoring program, which will cost her $20 monthly.

“It’s been kind of an issue for me,” she said, “but I’m now monitoring my credit, and now I’m taking these extra steps.”

MGM Resorts said the incident began Sunday, affecting reservations and casino floors in Las Vegas and other states. Videos on social media showed video slot machines that had gone dark. Some customers said their hotel room cards weren’t working. Others said they were canceling their trips this weekend.

The situation entered its sixth day on Friday, with booking capabilities still down and MGM Resorts offering penalty-free room cancelations through Sept. 17. Brian Ahern, a company spokesperson, declined Friday to answer questions from The Associated Press, including what information had been compromised in the breach.

By Thursday, Caesars Entertainment — the largest casino owner in the world — confirmed it, too, had been hit by a cybersecurity attack. The casino giant said its casino and hotel computer operations weren’t disrupted but couldn’t say with certainty that personal information about tens of millions of its customers was secure following the data breach.

The security attacks that triggered an FBI probe shatter a public perception that casino security requires an “Oceans 11”-level effort to defeat it.

“When people think about security, they are thinking about the really big super-computers, firewalls, a lot of security systems,” said Yoohwan Kim, a computer science professor at the University of Nevada, Las Vegas, whose expertise includes network security.

It’s true, Kim said, that casino giants like MGM Resorts and Caesars are protected by sophisticated — and expensive — security operations. But no system is perfect.

“Hackers are always fighting for that 0.0001% weakness,” Kim said. “Usually, that weakness is human-related, like phishing.”

Tony Anscombe, the chief security official with the San Diego-based cybersecurity company ESET, said it appears the invasions may have been carried out as a “socially engineered attack,” meaning the hackers used tactics like a phone call, text messages or phishing emails to breach the system.

“Security is only as good as the weakest link, and unfortunately, as in many cyberattacks, human behavior is the method used by cybercriminals to gain the access to a company’s crown jewels,” Anscombe said.

As the security break-ins left some Las Vegas casino floors deserted this week, a hacker group emerged online, claiming responsibility for the attack on Caesars Entertainment’s systems and saying it had asked the company to pay a $30 million ransom fee.

It has not officially been determined whether either of the affected companies paid a ransom to regain control of their data. But if one had done so, the experts said, then more attacks could be on the way.

“If it happened to MGM, the same thing could happen to other properties, too,” said Kim, the UNLV professor. “Definitely more attacks will come. That’s why they have to prepare.”

___

Parry reported from Atlantic City. Associated Press videographer Ty O’Neil in Las Vegas contributed.

United States News

Associated Press

University of the People founder and Arizona State professor win Yidan Prize for education work

NEW YORK (AP) — Shai Reshef, president and founder of the online, tuition-free University of the People, and Arizona State professor and researcher Michelene Chi, who has developed a framework to improve how students learn, are the 2023 winners of The Yidan Prize, the biggest award in education. Reshef and Chi will each receive 15 […]

32 minutes ago

Associated Press

Massachusetts man stabs five officers after crashing into home following chase, police say

TAUNTON, Mass. (AP) — A Massachusetts man who sped away during a traffic stop led police on a chase that ended with him crashing into a home and then stabbing five officers, including the local police chief, before he was arrested, authorities said. The Taunton police officers were injured trying to take Douglas Hagerty, 35, […]

59 minutes ago

Associated Press

3 dead after car being pursued by police crashes in Indianapolis minutes after police end pursuit

INDIANAPOLIS (AP) — Three people including a teenage boy died when a car being chased by police in Indianapolis for reckless driving collided with another vehicle only minutes after officers ended their pursuit, authorities said Wednesday. An Indiana state trooper began the pursuit Tuesday night when the driver of a Dodge Challenger fled the officer’s […]

1 hour ago

Associated Press

Man serving sentence for attacking parents fails to return to halfway house and considered escapee

MOUNT LAUEL, N.J. (AP) — A man serving a prison sentence for attacking and seriously injuring his parents more than two decades ago remains missing Wednesday, several days after he failed to return to the halfway house where he was living. Edward Berbon, 54, was assigned to a halfway house in Camden County and had […]

2 hours ago

FILE - Former President Donald Trump pauses before ending his remarks at a rally in Summerville, S....

Associated Press

A judge found Trump committed fraud in building his real-estate empire. Here’s what happens next

WASHINGTON (AP) — A judge’s ruling that Donald Trump committed fraud as he built his real-estate empire tarnishes the former president’s image as a business titan and could strip him of his authority to make major decisions about the future of his marquee properties in his home state. The Tuesday order rescinds business licenses as […]

2 hours ago

Associated Press

Montana judge blocks enforcement of law to ban gender-affirming medical care for minors

HELENA, Mont. (AP) — A law to ban gender-affirming medical care for transgender minors in Montana is temporarily banned, a state judge ruled Tuesday, just four days before it was to take effect. District Court Judge Jason Marks agreed with transgender youth, their families and healthcare providers that a law passed by the 2023 Montana […]

3 hours ago

Sponsored Articles

...

DAY & NIGHT AIR CONDITIONING, HEATING AND PLUMBING

Importance of AC maintenance after Arizona’s excruciating heat wave

An air conditioning unit in Phoenix is vital to living a comfortable life inside, away from triple-digit heat.

...

Ignite Digital

How to unlock the power of digital marketing for Phoenix businesses

All businesses around the Valley hopes to maximize their ROI with current customers and secure a greater market share in the digital sphere.

...

Ability360

At Ability360, every day is Independence Day

With 100 different programs and services, more than 1,500 non-medically based home care staff, a world-renowned Sports & Fitness Center and over 15,000 people with disabilities served annually, across all ages and demographics, Ability360 is a nationwide leader in the disability community.

Two Vegas casinos fell victim to cyberattacks, shattering the image of impenetrable casino security