MGM cyber attack: How a phone call may have led to the ongoing hack

Did prominent casino chain MGM Resorts gamble with its customers’ data? That’s a question a lot of those customers are probably asking themselves after a cyberattack took down many of MGM’s systems for several days. And it may have all started with a phone call, if reports citing the hackers themselves are to be believed.

MGM, which owns more than two dozen hotel and casino locations around the world as well as an online sports betting arm, reported on September 11 that a “cybersecurity issue” was affecting some of its systems, which it shut down to “protect our systems and data.” For the next several days, reports said everything from hotel room digital keys to slot machines weren’t working. Even websites for its many properties went offline for a while. Guests found themselves waiting in hours-long lines to check in and get physical room keys or getting handwritten receipts for casino winnings as the company went into manual mode to stay as operational as possible. MGM Resorts didn’t respond to a request for comment, and has only posted vague references to a “cybersecurity issue” on Twitter/X, reassuring guests it was working to resolve the issue and that its resorts were staying open.

It took about 10 days, but MGM announced on September 20 that its hotels and casinos were “operating normally” again, although there may be some “intermittent issues” and MGM Rewards may not be available.

“We thank you for your patience,” the company said in its statement. It did not provide any additional information on the reason why its systems went down in the first place.

The attacks show how even organizations that you might expect to be especially locked down and protected from cybersecurity attacks — say, massive casino chains that pull in tens of millions of dollars every day — are still vulnerable if the hacker uses the right attack vector. And that’s almost always a human being and human nature. In this case, it appears that publicly available information and a persuasive phone manner were enough to give the hackers all they needed to get into MGM’s systems and create what is likely to be some very expensive havoc that will hurt both the…