Singer Justin Bieber and Twitter founder Jack Dorsey are thought to be among the 10.6 million people to have had their details leaked following the hacking of MGM Resorts.
The stolen information, which was said to have been hacked from the hotel group last summer, was posted on a hacking forum earlier in the week, according to ZDNet, and included names, addresses and passport numbers from people who had stayed at the resorts.
It is thought the data stolen concerns anyone staying at the resorts up until 2017.
Members of the public, major celebrities, company CEOs, journalists and government officials were all spotted as part of the data dump earlier in the week – though MGM would not confirm specific names.
A spokesperson said: “Last summer, we discovered unauthorised access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts.
“We are confident that no financial, payment card or password data was involved in this matter.”
In line with the applicable state laws, the company told all the impacted guests about the hack in 2019, with 1,300 guests being notified that more sensitive information, such as passport details, had been taken.
A reporter for ZDNet said on Twitter that some guests were not told until a month after the attack.
The company told ZDNet that it had also hired cyber security firms to conduct an investigation into the hack, saying: “At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again.”
MGM runs a number of exclusive hotels in the US, with most of them in Las Vegas, often hosting music concerts, gambling competitions and sporting events.
Even though it was less severe “phonebook information” stolen in the attack, hackers are able to target individuals with that data and use it to gain influence and access with the victim.
Despite the large attack on the chain, a hack on Marriott hotels in 2017 remains the largest breach of customer information to date, with the data of around 500 million people being obtained in the attack.