Justin Bieber and Twitter Founder Jack Dorsey are two of 10.6 million victims of the latest major hack to become public. MGM Resorts reported that the personal contact information of guests dating back years was exfiltrated and posted online.
Luckily, most of the information released consisted of only names, email addresses, and phone numbers, rather than more sensitive information. However, at least 1,300 guests received notification that passport numbers were released.
While it appears no passwords were included in this hack, it underscores one of the main threats of reusing passwords on multiple sites. Databases of customer information are frequently breached. While this one did not include passwords, many do. When they are, hackers will often try any email and password combinations that are released at other sites, making it easy to compromise additional data if you reuse passwords.
To check whether your information was included in similar past breaches, you can enter your email address at haveibeenpwned.com.
No culprit is identified yet. A larger hack of Marriott/Starwood in 2017 released information on 500 million guests, and was ultimately attribute to Chinese state-sponsored actors.