On 22 May 2022, cybersecurity researchers from vpnMentor unearthed four archives of files containing 8.7GB of data on Telegram. The data dumped on Telegram contained customer information from before 2017 including names, postal and email addresses, phone numbers, and dates of birth.
Although there were 142 million records in total, the number of impacted customers is believed to be around 30 million. The data seems to have been stolen from MGM Resorts, an American chain of hotels and an entertainment company whose endpoints were compromised in February 2019.
The records included government officials, chief executive officers, and others, notable among them, then Twitter Inc. CEO Jack Dorsey and singer Justin Bieber.
Forward to July 14th, 2020, a hacker going by the online handle of NightLion listed the 142 million MGM hotel guest records stolen from the breach monitoring site DataViper for sale at a price of $2,900 on now seized Rainforums and dark web marketplaces.
Nearly two years later, the same database comprising 142 million records has been shared on Telegram for the public to download for free.
It is worth noting that lately, Telegram groups have become a new home to data leaks. Earlier this month, the private details of 21 million SuperVPN, GeckoVPN, and ChatVPN users were also dumped on several Telegram groups for download.
Repercussions of data leak
Malicious actors can exploit the data to launch phishing email campaigns and scams. They can trick the victim via email and SMS by using their business or residential addresses to gain trust and even perform identity theft.
Since the breach is around two years old, people may not be expecting to be targeted, making them more susceptible to attacks. However, through the date of birth details, fraudsters may target unsuspected users.
"Bad actors could send phishing messages and scams to exposed users via SMS and email, using the victims' full names and home or business addresses to build trust," researchers at vpnMentor noted.
According to the FBI's annual Internet Crime Report, which was published earlier this month, in 2021 51,629 identity-theft complaints were recorded, compared to 43,330 in 2020 — that's a 19 percent increase. These crimes resulted in the loss of more than $278 million to companies and individuals.