Scattered Spider: The Greatest Casino Hack

One of the biggest online casino hacks in history was the 2023 cyberattack against MGM Resorts International and the related attack on Caesars Entertainment. The incident shocked the gambling and cybersecurity industries because it demonstrated how vulnerable even billion-dollar casino corporations could be to modern cybercriminals. The attacks caused massive operational disruptions, exposed customer data, and resulted in financial losses estimated at more than $100 million.

The MGM attack began in September 2023 and was linked to a cybercrime group known as “Scattered Spider,” which worked alongside the ransomware organization ALPHV, also called BlackCat. Investigators said the hackers used social engineering rather than highly advanced technical tools. Instead of breaking through firewalls with sophisticated code, they tricked employees into giving them access. According to reports, the attackers gathered information about MGM employees from public websites such as LinkedIn and then contacted the company’s IT help desk pretending to be legitimate staff members. Once they convinced support workers to reset passwords, the hackers gained entry into MGM’s internal systems.

What made the attack especially dramatic was the visible impact on MGM’s casino operations. MGM operates some of the most famous casino resorts in Las Vegas, including Bellagio, Aria, MGM Grand, Mandalay Bay, and New York-New York. During the attack, hotel key cards stopped functioning, slot machines shut down, ATMs failed, online reservations became unavailable, and payment systems experienced outages. Guests reported standing in extremely long lines because employees had to check people in manually. Some elevators malfunctioned, digital signs went dark, and several casino systems had to be disconnected from the internet entirely.

The disruption lasted for days. MGM chose not to pay the ransom demanded by the attackers, which reportedly contributed to the prolonged outage. Analysts estimated that MGM lost approximately $100 million due to interrupted operations, recovery costs, and reputational damage.

At the same time, Caesars Entertainment suffered a related cyberattack. Unlike MGM, Caesars reportedly paid a ransom of around $15 million after hackers demanded about $30 million. The payment allegedly helped Caesars avoid widespread operational shutdowns, although customer information was still stolen.

The contrast between the two companies became one of the most discussed aspects of the incident. Caesars quietly negotiated with the hackers and maintained casino operations, while MGM refused to pay and endured severe technical chaos. Cybersecurity experts debated which response was better. Some argued that paying criminals only encourages future attacks, while others believed MGM’s losses proved that refusing to negotiate could become even more expensive.

The attacks also highlighted how valuable customer data is to cybercriminals. Both casino companies operate massive loyalty programs with millions of members. Caesars disclosed that hackers stole data belonging to a significant number of loyalty-program users, including driver’s license numbers and Social Security numbers. MGM later admitted that customer information had also been compromised, including names, addresses, birth dates, and identification details.

Casinos are especially attractive targets for hackers because they combine large amounts of money with extensive customer databases. Modern casino corporations are not just gambling businesses; they are giant technology companies managing hotels, online betting systems, restaurants, digital payments, mobile apps, and international loyalty networks. A successful attack can interrupt nearly every aspect of operations. In MGM’s case, employees reportedly had to revert to paper records and manual procedures during the outage.

Another reason the hack became historically significant was the simplicity of the method used. Many people assume the world’s largest cyberattacks involve complex computer code and secret government-level hacking tools. Instead, the MGM breach allegedly began with a phone call to a help desk. Security researchers pointed out that social engineering remains one of the most effective hacking techniques because it targets human trust rather than software vulnerabilities.

The cybercriminal group behind the attack gained a reputation for aggressive tactics. Scattered Spider was reportedly composed largely of young English-speaking hackers who specialized in impersonation, phishing, and multi-factor authentication manipulation. Investigators believed some members were teenagers or very young adults. In later reports, authorities alleged that one suspect connected to the attacks possessed millions of dollars in Bitcoin.

The attack also drew attention because it occurred during a period when ransomware attacks were increasing worldwide. Ransomware is a form of cybercrime in which attackers infiltrate systems, encrypt data, and demand payment for restoration. In some cases, hackers also threaten to publish stolen information if companies refuse to pay. Casino companies became especially vulnerable because downtime immediately affects revenue. Every hour that slot machines, hotel reservations, or payment systems are unavailable can cost millions of dollars.

Industry experts later estimated that MGM’s recovery process required enormous effort. Restoring systems after a ransomware-style attack is difficult because companies must ensure hackers no longer have access before reconnecting critical operations. Rebuilding networks, changing passwords, replacing compromised devices, and investigating data theft can take weeks or months. MGM eventually restored most services after about ten days, but some systems remained affected longer.

The event became a warning to businesses far beyond the gambling industry. Analysts emphasized that no organization is too large to be targeted. MGM Resorts is one of the most recognizable hospitality companies in the world, employing tens of thousands of people and generating billions in annual revenue. Yet a relatively small group of hackers managed to disrupt the company through manipulation and stolen credentials.

Public reaction was intense because many customers were directly affected. Visitors staying at MGM properties during the attack described confusion, long waits, and an inability to access rooms or make purchases. Some social media users posted videos of dark slot machines and nonfunctional systems across Las Vegas casinos. Online discussions often compared the event to scenes from cyberpunk movies because such a technologically advanced entertainment environment had suddenly become partially unusable.

The attacks also renewed debate about whether companies should ever pay hackers. Law enforcement agencies generally discourage ransom payments because they can finance additional criminal operations. However, companies facing massive operational losses sometimes calculate that paying is financially cheaper than enduring extended downtime. Caesars’ reported payment of $15 million appeared large, but it was still far below MGM’s estimated $100 million operational loss.

Cybersecurity specialists used the MGM and Caesars incidents as case studies for improving corporate defenses. Recommendations included stronger employee training, better identity verification procedures, stricter multi-factor authentication systems, and faster incident response planning. Experts argued that technical defenses alone are not enough if attackers can manipulate employees into granting access.

The hack also had legal and regulatory consequences. MGM later faced lawsuits and investigations related to customer data exposure and cybersecurity practices. Regulators and consumer advocates questioned whether the company had adequately protected sensitive information. Reports later noted that MGM challenged aspects of government investigations tied to the breach.

Although casino companies have experienced hacks before, the MGM and Caesars attacks stood out because of their scale, visibility, and economic impact. Previous breaches often involved stolen credit-card information or online poker fraud, but the 2023 incidents disrupted real-world casino operations across multiple states and affected millions of customers. The attack became one of the clearest examples of how cybercrime can interrupt physical businesses in everyday life.

Today, the MGM cyberattack is frequently cited as one of the largest and most influential online casino-related hacks ever recorded. It combined ransomware, social engineering, data theft, operational paralysis, and international cybercrime into a single event that demonstrated the growing power of organized hacking groups. The incident showed that modern casinos are deeply dependent on digital systems and that cybersecurity has become as important to gambling companies as physical security on the casino floor itself.
