Justin Walker and Greg Haas
LAS VEGAS (KLAS) — With limited information coming from MGM Resorts and the FBI, speculation has begun on some tech and media websites about who is behind the hack that has disrupted Nevada’s largest employer.
Reports on Forbes, Gizmodo and Engadget are citing social media posts on X (formerly Twitter) that a group known as ALPHV, also known as BlackCat, compromised MGM Resorts through a simple phone call impersonating an employee on the IT staff. They reportedly found an employee to impersonate by searching through LinkedIn. A 10-minute phone call allowed the compromise.
All of these reports cite a thread on X by vx-underground, identified by Forbes as a malware research group with nearly 229,000 followers.
“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,” vx-underground said on X. “A company valued at $33,900,000,000 was defeated by a 10-minute conversation.”
A source quoted by Forbes speculated that ALPHV initiated a ransomware attack on MGM. “The fact that everything’s down,” Alex Hammerstone of TrustedSec, an Ohio-based cybersecurity firm, told Forbes. “I mean, if you’re going to go in stealthily and steal data and then do something with it, everything wouldn’t be down.”
Vx-underground speculated in a post Tuesday evening that MGM wouldn’t pay.
On Wednesday, MGM posted a note on its site noting it was currently unavailable.
The note advised visitors to use the MGM Rewards App for reservations. It also guided customers to other websites to buy tickets to some events. “To make a reservation for a resident artist, production show, or attraction please visit Ticketmaster.com. To purchase tickets for Las Vegas Aces, Vegas Golden Knights or a concert event at an Arena please visit AXS.com.”
The resort company is trying to adjust as customers run into problems.
“For hotel reservations arriving September 13-17, 2023, we understand your travel plans may have changed, so we are offering free changes and cancellations. Thank you for your loyalty to MGM Resorts and we look forward to welcoming you soon,” according to the note.
After the “cybersecurity issue” was initially reported to the public on Monday morning, MGM has been relying on X and other social media platforms to keep customers informed.
On Wednesday, a paper note was handed to guests at MGM’s Bellagio property, saying that issues impacting the resort’s internal network were affecting the MGM Resorts Mobile App, website, and other systems. The note said that room access would require a physical key card, hotel phones were inoperable, credits for gameplay with the use of an MGM Rewards card would be credited back to player accounts at a later time, and restaurant reservations were encouraged to be made in person.
Additionally, the note said that slot machine ticket-in and ticket-out systems may be offline, and that should a ticket not be accepted at a machine, it should be redeemed with a cashier. The note went on to say there could be delays in cashing out some slot machines.
“We have increased our staffing throughout the property to ensure your needs are addressed,” the note said. “We apologize for any inconvenience.”
MGM Resorts International has about 75,000 employees on its Nevada payroll, far more than the second-largest gaming operator in the state, Caesars Entertainment, which has about 54,000 employees.
MGM operates Bellagio, Aria, The Cosmopolitan Las Vegas, MGM Grand, Mandalay Bay, Park MGM, NoMad Las Vegas, New York-New York, Luxor and Excalibur.