Oh, and I do want to address any concerns regarding the MGM Resorts hack from September 2023, and if this BetMGM situation has to do with that.

At first glance, you'd think it would have to. After all, the hackers made off with a LOT of MGM customer data, and these breaches seemingly started right after that.

However, despite the close timeline and both being MGM related, I believe these two breaches to be completely independent from one another.

Let me count the ways:

1) BetMGM was not on the same system as MGM Resorts.

2) The hackers of MGM Resorts make money via ransomware attacks, and don't bother stealing 3-4 figure amounts at a time from individual accounts of customers.

3) MGM Resorts has not said that login/password combos of customers were breached. Customers' personal data was stolen, but we have heard nothing about email/password combos being part of it.

4) Credential stuffing attacks come from a variety of hacks, where a bot tries tons of previously obtained e-mail/password combos within a very short time. They do not necessarily have to breach MGM Resorts to go after BetMGM customers with possibly the same e-mail/password combos. There are many sources for this data outside of MGM.

5) The turnaround time seems too quick. Remember, the hackers of MGM Resorts were still holding out for ransom payments when these BetMGM attacks were starting up again. It's unlikely the hackers would get involved in these small time thefts when they're trying to get $30 million out of MGM Resorts, especially if the small time thefts could potentially jeopardize the ransom being paid.


While it is not impossible that these are related, I'd say it's unlikely.


If you have a BetMGM account, change the password immediately, and also enable two-factor authentication!