Open Nav
Sign Up

MGM Resorts Cyberattack Shuts Down Website and Brings Systems Offline

MGM resort cyberattack

OPInnovate Research

September 12, 2023

MGM Resorts, a renowned international hotel and casino company, has been hit by a cyberattack that has forced the shutdown of its website and computer systems. Concerns are mounting over potential data breaches and the impact on reservation systems and casino floors.

The company has taken swift action, involving external cybersecurity experts and notifying the FBI.

Impact of the Cyberattack on MGM Resorts’ Operations

The cyberattack on MGM Resorts has resulted in the shutdown of the company’s website and offline systems, impacting operations across multiple locations. The incident, which was first detected on Sunday night, has caused significant disruption to MGM Resorts’ operations.

The company’s websites are currently offline, and screens on casino gaming machines are displaying error messages. This issue isn’t limited to MGM’s Las Vegas locations, as other properties, including the Borgata Hotel in Atlantic City, have also been affected. The impact of the cyberattack can be seen at the MGM Grand Detroit Casino, where digital keys and the rewards program are experiencing issues.

The FBI is currently investigating the cybersecurity issue, and there are reports that MGM Resorts may have been the victim of a ransomware attack, although this claim hasn’t been confirmed. The disabled slot machines observed at MGM Resorts’ properties further indicate the extent of the attack.

This incident serves as a reminder of the increasing scale and mainstream nature of cyber attacks, be it ransomware or general disruptions. It emphasizes the need to be diligent and constantly ensure that your organization is secure.

As well as the need to invest in cybersecurity training and education for employees, this attack highlights the importance of continuous penetration testing for all organizations. While the investigation is still ongoing and the details of the attack and how the attackers managed to breach MGM’s systems are not yet known, it is worth noting that a large majority of attacks originate from vulnerabilities that could have been easily detected and resolved through effective pen testing.

Resources highlights

AsyncAPI npm Supply-Chain Attack Delivers Cross-Platform Miasma RAT

A software supply-chain attack compromised four packages in the official AsyncAPI npm namespace, resulting in five malicious package versions being distributed through the project’s legitimate…

Read more >

AsyncAPI supply chain attack

Zoom Windows Vulnerability Enables Account Takeover (CVE-2026-53412)

Zoom has released security updates for a critical vulnerability affecting Zoom Workplace and Zoom Workplace VDI clients for Windows. Tracked as CVE-2026-53412, the vulnerability could…

Read more >

cve-2026-53412

Actively Exploited SonicWall SMA1000 Vulnerabilities (CVE-2026-15409 and CVE-2026-15410)

SonicWall has released emergency hotfixes for two vulnerabilities affecting SMA1000 Series secure access appliances. Both vulnerabilities have been exploited in active attacks, and one carries…

Read more >

sonicwall_cve-2026-15409_cve-2026-15410_op

Critical Gitea Docker Authentication Bypass Under Active Probing: CVE-2026-20896

A critical authentication bypass vulnerability, tracked as CVE-2026-20896, has been disclosed in the official Gitea Docker image. Gitea is a self-hosted software development platform used…

Read more >

gitea_docker_cve-2026-20896

Adobe Patches Multiple Critical ColdFusion and Campaign Classic Vulnerabilities: CVE-2026-48282 Exploitation Observed

Adobe has released security updates for multiple critical vulnerabilities affecting Adobe ColdFusion and Adobe Campaign Classic, including several flaws rated CVSS 10.0.CVE-2026-48282, a critical ColdFusion…

Read more >

adobe_coldfusion_campaign classic_cve-2026-48282

CVE-2026-46817: Critical Oracle E-Business Suite Vulnerability

A critical vulnerability in Oracle E-Business Suite is now being actively exploited in the wild. Tracked as CVE-2026-46817, the flaw affects the File Transmission component…

Read more >

cve-2026-46817-oracle-e-business
Under Cyber Attack?

Fill out the form and we will contact you immediately.