Hackers Attacked Two Leading Vegas Casinos, Making Casino Security Look Vulnerable
The latest victim of MGM Resorts was Dulce Martinez, a 45-year-old publicist from Los Angeles. She tried to access her casino reward accounts to book accommodations for an upcoming trip. However, she was greeted by a persistent error message stopping her from achieving her goal. Confused with the error messages she kept receiving while trying to book the accommodation, she had to ask if she was the only one facing such issues. She thought it could be her device error or something. This made her visit the Facebook group for MGM Resorts International loyalty members. As many others complained, she discovered the casino was under cyber attack.
Dulce immediately checked her bank statement after knowing about the MGM Resorts attack. She noticed she had been getting unrecognized debits from the credit card linked to her loyalty account. She confirmed that the charges increase from $9.99 to $46 with each transaction. This made her cancel the credit card to avoid further unauthorized deductions from her account.
She opted for a credit report monitoring program to protect her credit card from further debits, which cost her about $20 monthly. She did this because she didn’t know what other information the hackers might have stolen. Dulce said this is her way of monitoring any activity on her credit card and ensuring that no further deduction can happen on her credit card without her knowledge.
How the Security Breach Affected the Casinos and Customers
According to reports from MGM Resorts, the cyberattack started on Sunday and has affected reservations and casino floors in Las Vegas and other states. Videos have already been circulated on social media showing that the video slots had stopped working. Even customers who had already booked reservations complained about their hotel room cards. They couldn’t use them to access their rooms. Other customers had to cancel their reservations and trips to the hotel because of this. With booking capabilities and other customer issues extending to the sixth day, other customers had to cancel their reservation to check out of the hotel. Since the MGM Resorts management couldn’t resolve the issue, they allowed the customers to enjoy penalty-free room cancellations. The Associated Press tried to contact Brian Ahern, the company spokesperson, to ask home questions about the situation in the hotel. However, Brian refused to provide answers about the breach. He also declined to answer any question that was asked. Similarly, Caesars Entertainment, another casino giant, was also confirmed to be a victim of a cybersecurity attack on Thursday. The casino said they couldn’t determine if customers’ details were 100% safe following the attack. However, the hotel’s computer operations were working well. In addition, players could still access the casino to play games.
Human Errors Are the Major Causes of Data Breaches – Expert Speaks
Yoohwan Kim, an expert in network security and a computer science professor at the University of Nevada, Las Vegas, said that many people believe security is all about the big super-computers and firewalls. “The people are right to think this way,” Kim confirmed. Top-rated casinos such as Caesars and MGM Resorts can still suffer security breaches despite their sophisticated security operations. This is because no system is perfect, and any little mistake can make the system vulnerable to attacks from cybercriminals. Kim said, “Hackers are always fighting for that 0.0001% weakness”. He went further to say that such weakness is usually human-related. So, once they notice such vulnerability, they quickly take advantage of that to launch their attacks. Another expert, Tony Anscombe, the chief security official with the San Diego-based cybersecurity company ESET, said the breach might have been a “socially engineered attack.” This means the hackers might have used strategies like phishing emails, text messages, phone calls to attack the system.
The cybercriminals could send text messages or phishing emails to unsuspecting customers or the company staff. With only a few clicks using any provided link, the hackers could gain access to vital private information that they can use for their malicious activities.
Anscombe has said that one of the major ways cybercriminals use to break into a company’s private data is usually through human behavior. He claimed that this has been the weakest link for most cyber attacks. After the attack had lasted long without any solution, some Las Vegas casino floors were abandoned. Most customers started looking for alternatives since their hotel cards weren’t working. A hacker group has claimed to be responsible for Caesars Entertainment’s security breach. The group also demanded that the company pay a ransom of $30 million. The random will be paid to enable Caesars Casino to gain control of their data again.
However, it’s still unclear if any companies have paid the ransom. Nothing has also been said about negotiating with the hackers to stop the attacks on top casinos. But, it is the belief of security experts that more hackers may emerge and start attacking casino facilities if any of the companies comply with the hacker demands.
Way Forward for Casinos Facing Similar Cyberattacks
According to Kim, the UNLV professor, all casino operators must put adequate measures in place to ensure their facilities are well-protected. He claimed that the hackers would want to attack more facilities, especially as a successful attack on MGM has occurred. Casino operators can increase their defenses with modern, sophisticated cybersecurity measures such as encryption technologies, firewalls, and malware detection systems. It’s also vital to minimize human errors as that’s a significant loophole cybercriminals take advantage of to launch their attacks Like Dulce Martinez, casinos should educate customers on what to do after they notice their credit cards have been compromised. By taking the right steps, Dulce could stop the unauthorized deductions on her account and also start to monitor the activities on her credit card.
Finally, besides having adequate measures to prevent cyber attacks, casinos must also have control measures during and after attacks. Most of the customers left the hotel because they waited for several days without getting any solution to the problem. It’s possible that some customers stayed back, assuming the casino managed the situation.