Quick But Costly: 10 Minute Hack Led to Compromise of Multi-billion Dollar MGM Empire

September 15, 2023


3 minutes

Quick But Costly: 10 Minute Hack Led to Compromise of Multi-billion Dollar MGM Empire

MGM Resorts International hacked by ransomware gang.

On Monday, September 11, 2023, MGM Resorts International announced that it had been hit by a “cybersecurity issue” that had caused widespread outages across its properties. The company’s website, online booking system, and in-casino systems were all affected, and some guests were unable to check in or use their credit cards. In addition to the direct impact on MGM Resorts, the cyberattack could also have a ripple effect on small businesses that rely on the company for their livelihood. For example, small businesses that provide food and beverage services to MGM Resorts may lose revenue if the casino is forced to reduce operations. Similarly, small businesses that offer tours or transportation services to tourists may also be affected.

MGM Resorts has not yet released much detail about the nature of the attack, but has been attributed to the ransomware group known as ALPHV, also referred to as BlackCat, according to an analysis by malware research platform vx-underground.

Ransomware is a type of malware that encrypts a victim’s data and demands a ransom payment in order to decrypt it. In this case, the hackers may have targeted MGM Resorts’ systems in order to steal customer data or disrupt its operations.

Shockingly, the group reportedly gained access to MGM Resorts International's U.S. systems in a mere 10 minutes through social engineering tactics. Vx-underground disclosed in a tweet that the infiltration process was alarmingly straightforward. The ransomware group ALPHV simply used LinkedIn to identify an MGM employee and then contacted the company's Help Desk. Astonishingly, a corporation valued at approximately $33.9 billion found its defenses compromised through just a 10-minute interaction.

The outage at MGM Resorts is a reminder of the growing threat of cyberattacks to businesses of all sizes. Small businesses are particularly vulnerable to these attacks, as they often lack the resources to invest in robust cybersecurity measures.

Here are some tips for small businesses to protect themselves from cyberattacks:

  • Keep your software up to date. Software updates often include security patches that can help to protect your systems from known vulnerabilities.
  • Use strong passwords and change them regularly.
  • Enable two-factor authentication for all online accounts.
  • Be careful about what information you share online.
  • Have a plan in place in case of a cyberattack.

The full impact of the cyberattack on small businesses is still unknown, but it is clear that this is a serious issue that businesses of all sizes need to take seriously. By taking steps to protect their own cybersecurity, small businesses can help mitigate the risk of being impacted by future cyberattacks.

Cyber Pop-up has experts that can help you get secure immediately. For more information about our process and expertise visit

For more insights from Dr. Christine, visit our Resources Page often, or email our team members, at