Cyberattack Leads to System Shutdown of MGM Resorts

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

MGM Resorts International has shutdown some of its computer systems, following a cybersecurity incident. The hotel and casino giant witnessed its online reservation system, website, and even in-casino services like ATM, slot, and credit card machines getting impacted.

The company posted a brief note on its official Twitter (now X) page, wherein it disclosed the incident and said that it was working with external cybersecurity experts to investigate the incident.

‘’MGM Resorts recently identified a cybersecurity issue affecting some of the Company’s systems. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems,’’ the statement read.

The resort owner also announced that it would continue with the investigation to understand the nature and impact of this incident, which began on September 11.

The attack not only impacted all the 31 MGM resorts, but also its rewards app. As a security measure, it has resorted to manual operations for payments, as credit card and ATM machines on its properties remain non-functional.

Customers, members of its Rewards program have been advised to get in touch with the desired resort’s reception for reservation and other services as the main website and app continues to remain offline.

MGM has not yet disclosed any details about the attack or the names of the threat actors behind the incident. Thus, the purpose of the attackers continues to remain unknown.

In the past few years, this is the second time that MGM Resorts has been subjected to cyberattack. Earlier in 2019, it suffered a security breach, during which hackers had stolen information like, names, date of birth, email addresses, phone numbers, addresses of millions of hotel and casino guests.

AP Stylebook Data Breach Results in Targeted Phishing Attacks

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

The Associated Press announced that users of its old website ‘’AP Stylebook’’ had been hit by targeted phishing attacks as a result of the July 2023 data breach incident.

The popular writing and editing style guide is used by several journalists, editors, and newsrooms across the world. The hackers managed to infiltrate the third-party maintained website to steal personal information of users.

‘’The personal information was stored in a database that was accessible on an old AP Stylebook website that was no longer in use but still available online and maintained on our behalf by an outside service provider, Stylebooks.com, Inc. (“Stylebooks.com”),’’ the notice read.

First discovered by AP on July 20, when Stylebooks.com notified that some of the AP Stylebook customers reported receiving phishing emails asking them to update credit card information on dubious APS websites.

An investigation into the incident revealed that unauthorized threat actors had stolen 224 users’ data by accessing the old and defunct website between July 16 and July 22, 2023.

The stolen data included a user’s name, email and street address, city, state, zip code, phone number, and user ID. While making a purchase, some customers were asked to provide Tax Exempt IDs. Thus, the stolen information might also include a customer’s Social Security Number (SSN) or Taxpayer ID.

The new and active AP Stylebook website (apstylebook.com) was not impacted by this incident. However, the company has sent out emails to both old and new website users warning them about the incident and potential phishing attacks.

‘’In this email, we alerted the recipients to the phishing emails, clarified which email address is used to send legitimate emails, and provided our contact information for any questions,’’ the notice read.

AP notified the relevant authorities and also made it mandatory for all users to change their passwords. It is also reviewing its security protocols and updating training programs for all internal users. Moreover, its users are being offered 2-years complimentary credit monitoring and identity restoration services.