On September 10th, 2023, the famed Las Vegas Strip, often called "sin city," faced an unprecedented tech crisis. Slot machines at the Bellagio went dark, and guests at the MGM Grand were locked out, causing widespread disruption in casino operations. This event highlights the vulnerabilities within the modern las vegas casino experience, affecting gambling and daily life in the city.

September 2023. Slot machines at the Bellagio are showing error messages. Room keys don't work. Restaurants go cash-only. Staff are paying out winnings from fanny packs. MGM Resorts — a $34 billion company running 48,000 hotel rooms — is paralyzed.

The attack that caused all of this started with a phone call. One call to the IT help desk. About ten minutes long.

The group behind it? Not a foreign government. Not elite hackers. Teenagers. They found an employee on LinkedIn, called the help desk pretending to be that person, and talked their way into a password reset. Ten minutes later, they had the keys to everything.

Three days earlier, the same group had already hit Caesars using the same trick. Caesars paid $15 million in ransom. MGM refused to pay — and lost $100 million. Same technique, two targets, $115 million in damage. From phone calls and a LinkedIn search.

In this episode, I break down exactly how it happened step by step, why the help desk agent wasn't the problem, and why the system that's supposed to protect your company is actually designed to let attackers in.

🔒 SECURITY UNPACKED — How a Security Mind Sees Everything
New episodes weekly.

📌 SOURCES
Every claim in this episode is sourced from public record — SEC filings, FBI advisories, published reporting. Full source list in the episode script.


🔗 LINKS
Website: https://securityunpacked.com
The Security Buzz: https://securityunpacked.com

#mgmhack #socialengineering #securityunpacked