In a city where chaos often feels like the norm, the recent cyberattack on MGM Resorts has taken the chaos in Vegas to a whole new level. As the outages drag into their fourth day, it’s not just the cyber angle that’s causing concern; it’s the mayhem unfolding on the ground that’s truly disrupting the Vegas experience for many.
Behind the scenes, the roots of this chaos trace back to a crafty social engineering attack against MGM’s helpdesk. The attacker, armed with little more than publicly-available employee info from LinkedIn, managed to socially engineer their way into the company’s systems. While most headlines are fixated on the cyber aspect, the real-world repercussions are nothing short of dramatic.
First and foremost, the MGM app has gone dark. This means that making changes to existing reservations or creating new ones has become an exercise in frustration. Checking in? Well, don’t expect the convenience of digital keys either. Those shiny digital keycards are worthless now, and it’s not currently possible to get a new or replacement MGM Rewards player’s card, either.
The chaos doesn’t stop there. Credit card processing has been hit or miss, with a surprising number of restaurants and retail outlets accepting cash only. It’s a stark reminder of how reliant we’ve become on digital transactions. If you’ve ever handed over your credit card details to MGM or possess an MGM Rewards credit card, it’s advisable to keep a close eye on your statements in the coming days and weeks. Those pesky hackers might confirm your card’s validity with tiny charges of one to a few cents.
While the chaos is consistent across all MGM properties, there are some inconsistencies too, adding an extra layer of confusion. Some guests are finding it impossible to check in if they haven’t already done so. Others can’t get their keycards to work or obtain new ones, leading to long lines and security escorts back to their rooms.
Now, let’s take a quick look at the unconfirmed reports flooding in from the (unofficial) MGM Rewards Facebook group. At Mandalay Bay/Delano, handwritten lists of guests checking in are reminiscent of a bygone era. People are being assigned to occupied rooms, creating all sorts of awkward encounters. The shortage of physical keycards with digital keys out of commission is limiting guests to just one per room. On the casino floor, only about a third of the slot machines are operational, and player’s cards might as well be playing cards.
Meanwhile, the Bellagio is taking credit cards manually, and room charges within the Bellagio itself seem to be functioning smoothly. However, cross-charging between properties is a different story altogether.
Allegedly, MGM has also called in corporate staff from headquarters to come out to resort properties and help manage the chaos. While this is the right move, it remains to be seen if this will be enough to help stem the bleeding as a result of this cyberattack.
Of course, MGM has made headlines recently as a result of their breakup with Hyatt and new partnership with Marriott Bonvoy. Many details of the new partnership remain unknown, and I imagine finalizing those details isn’t exactly something that’s top-of-mind at MGM HQ right now.
As the chaos in Vegas rages on, the true extent of the impact remains uncertain. For now, those in Sin City are left to navigate a world where technology has taken a back seat, and old-fashioned methods are making a comeback. In a place known for its extravagance and digital dazzle, it’s a stark reminder of just how fragile our digital world can be when faced with a well-executed cyberattack. Vegas, it seems, is dealing with a different kind of high-stakes game this time.