LinkedIn as the Trojan Horse at MGM: The Rising Threat of Social Engineering in IT Security

Imagine, just for a moment, that the walls guarding your fortress – that formidable digital infrastructure your IT team built brick by brick – are effortlessly scaled by an invader. Not because of a cutting-edge hacking tool or a zero-day exploit, but something as innocent as LinkedIn, and a well-timed phone call to your help desk. Sounds implausible?

How did this happen?

The attackers simply combined the art of social engineering with the treasure trove of information available on platforms like LinkedIn. An MGM employee's details, casually shared on LinkedIn, became the blueprint for a vishing attack. A call was made to the MGM help desk, mimicking this employee, a password reset was requested, and just like that, the gates were thrown open. In the ensuing chaos, ATMs, slot machines, key cards, and even room lights malfunctioned.

The attackers, identified as a part of the ALPHV group (or perhaps the youthful 'Scattered Spider' group), left no stone unturned, ensuring that gamblers couldn't gamble, and hotel guests were left stranded.

Intriguingly, this isn't an isolated incident. Since August, according to David Bradbury, Chief Security Officer at Okta, both ALPHV and Scattered Spider have victimized five companies, including the likes of MGM and Caesars.

With ransomware attacks becoming increasingly prevalent, simply paying off the attackers isn't a viable solution. The FBI consistently warns against such actions, as they further embolden cybercriminals. The need of the hour is robust prevention, which goes beyond mere technical measures.

So, how can IT security managers armor themselves against such deceptive attacks?

  1. Implement a forced process for user verification. This means that important information (password resets, MFA information and more) will only be released if an intelligent IT workflow allows it. You must take emotions out of verification!
  2. Use verification tests that include contextual and dynamic data unavailable to the attackers.
  3. Use MFA devices when possible.
  4. Use manager approval if you have no other options.
  5. Integrate the workflow in your ITSM system.
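
A minimal sketch of such a forced verification workflow, added here as an illustration and not FastPass's or any vendor's code. The check names, the `ResetRequest` fields and the rule that an enrolled MFA device is always the required check are assumptions of this example.

```python
from dataclasses import dataclass

# Check names are hypothetical labels for this sketch, not any product's API.
MFA_DEVICE = "mfa_device"              # caller confirms on an enrolled MFA device
DYNAMIC_DATA = "dynamic_data"          # contextual/dynamic data only the real user has
MANAGER_APPROVAL = "manager_approval"  # out-of-band approval from the user's manager
PUBLIC_PROFILE = "public_profile"      # name, title, employer: readable on LinkedIn

@dataclass(frozen=True)
class ResetRequest:
    ticket_id: str
    user: str
    has_mfa_device: bool
    has_dynamic_data: bool
    passed_checks: frozenset
    agent_wants_override: bool = False

def required_check(req):
    """Pick the strongest check available for this user (steps 2-4 of the list)."""
    if req.has_mfa_device:
        return MFA_DEVICE
    if req.has_dynamic_data:
        return DYNAMIC_DATA
    return MANAGER_APPROVAL

def decide(req):
    """Return an audit record for the ITSM ticket; 'release' is the only gate."""
    needed = required_check(req)
    # Public-profile answers never count, and the agent cannot override the result.
    counted = req.passed_checks - {PUBLIC_PROFILE}
    release = needed in counted
    return {
        "ticket": req.ticket_id,
        "user": req.user,
        "required": needed,
        "release": release,
        "override_ignored": req.agent_wants_override and not release,
    }

# Constructed sample: caller knows only public details and pressures the agent.
VISHING_CALL = ResetRequest("INC-0001", "j.doe", True, True,
                            frozenset({PUBLIC_PROFILE}), agent_wants_override=True)
# Constructed sample: the same user confirms on the enrolled device.
GENUINE_CALL = ResetRequest("INC-0002", "j.doe", True, True, frozenset({MFA_DEVICE}))
```

The record returned by `decide` is what would be written to the ITSM ticket, so a refused reset and an attempted agent override both leave a trace for later review.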

Curious about how such a breach occurs in real time? Dive deep into a gripping 3-minute reconstruction of a data breach where hackers employ LinkedIn to weave their web of deception. Realize the potential vulnerabilities of your service desk and arm yourself against them.

Watch the video now: “Reconstruction of a Data Breach”.


It’s all available with the FastPass solution (Cloud or On-premises). Certified by ServiceNow and TopDesk and available with all modern ITSM solutions. It even includes advanced self-service of passwords (SSPR) to improve service for users and reduce the help desk’s workload. See: FastPass Identity Verification Manager.

Remember: In the world of cyber warfare, your defensive strategy is as essential as your offensive capabilities. Ensure your defenses are not just technologically sound but also human-proof.

Stay safe and vigilant! 🔒🛡️🔍

Source: MGM Suffers Ransomware Attack

Finn Jensen | Founder, FastPasscorp
