ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data
(2026/02/20)
- Reference: 1771612043
- News link: https://www.theregister.co.uk/2026/02/20/shinyhunters_wynn_resorts/
- Source link:
Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters.
On Friday, the cybercrime crew listed the hospitality company on its blog, claiming to have stolen more than 800,000 records containing employees' Social Security numbers and other private details. The extortionists set a February 23 deadline for Wynn to "reach out" and threatened to leak the data, "along with several annoying (digital) problems that'll come your way," if the resort chain did not comply with the demands.
Samples of the stolen data seen by The Register contain employees' full names, emails, phone numbers, positions, salaries, start dates, birthdays, and other personal information.
[1]
Wynn Resorts, which owns five resorts, 81 restaurants, and 200 high-end retail outlets, did not immediately respond to The Register 's inquiries. We will update this story when we hear back from the company.
[2]
[3]
ShinyHunters set a fee of 22.34 Bitcoin (about $1.5 million) as the "starting price" for the stolen files, according to a spokesperson for the crime group, who told The Register that the digital intruders gained initial access to Wynn's systems in September 2025 via an Oracle PeopleSoft vulnerability using an employee's credentials.
[4]ShinyHunters claims it drove off with 1.7M CarGurus records
[5]A tale of 2 casino ransomware attacks: One paid out, one did not
[6]Canada Goose ruffles feathers over 600K record dump, says leak is old news
[7]ShinyHunters swipes right on 10M records in alleged dating app data grab
Shiny declined to say if it got the Wynn employee to give up the credentials via a social engineering trick, or simply paid the individual for access. The group has previously used Telegram to solicit insider access, and in one case reportedly [8]claimed it agreed to pay a CrowdStrike employee $25,000 for access, though the security shop said no systems were breached.
The claimed Wynn Resorts breach follows a [9]slew of recent ShinyHunters intrusions , several of which [10]involved voice phishing to obtain single-sign-on codes from users of Okta, Microsoft, and Google services.
It's also notable that nearly three years ago, a group with [11]ties to ShinyHunters ' crime collaborative [12]hacked two other major Vegas hotel and casino chains: [13]Caesars Entertainment and [14]MGM Resorts .
[15]
In late 2023, Scattered Spider abused Okta SSO codes and [16]help-desk calls to break into both resort chains' networks, deployed ransomware on their networks, and stole data belonging to tens of thousands of customers.
In September 2025, Las Vegas cops [17]cuffed a teen linked to the casino hacks shortly after British police [18]arrested two other teens accused of being members of the notorious cybercrime gang.
At least [19]seven other suspected Scattered Spider members were arrested in 2024 as part of wider probes following the Las Vegas resort intrusions. ®
Get our [20]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aZjnkM7BH6GFd-7mXQa8FgAAAMs&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZjnkM7BH6GFd-7mXQa8FgAAAMs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZjnkM7BH6GFd-7mXQa8FgAAAMs&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://www.theregister.com/2026/02/18/shinyhunters_cargurus_breach/
[5] https://www.theregister.com/2023/12/28/casino_ransomware_attacks/
[6] https://www.theregister.com/2026/02/16/canada_goose_shinyhunters/
[7] https://www.theregister.com/2026/01/29/shinyhunters_match_group/
[8] https://www.bleepingcomputer.com/news/security/crowdstrike-catches-insider-feeding-information-to-hackers/
[9] https://www.theregister.com/2026/02/18/shinyhunters_cargurus_breach/
[10] https://www.theregister.com/2026/01/22/crims_sell_voice_phishing_kits/
[11] https://www.theregister.com/2025/08/12/scattered_spidershinyhunterslapsus_cybercrime_collab/
[12] https://www.theregister.com/2023/12/28/casino_ransomware_attacks/
[13] https://www.theregister.com/2023/09/14/caesars_mgm_hacks/
[14] https://www.theregister.com/2023/09/11/mgm_resorts_cybersecurity_incident/
[15] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZjnkM7BH6GFd-7mXQa8FgAAAMs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[16] https://www.theregister.com/2025/05/18/ex_nsa_scattered_spider_call/
[17] https://www.theregister.com/2025/09/22/teen_cuffed_scattered_spider_casino/
[18] https://www.theregister.com/2025/09/18/two_teens_charged_in_tfl_case/
[19] https://www.theregister.com/2025/04/08/scattered_spider_updates/
[20] https://whitepapers.theregister.com/
On Friday, the cybercrime crew listed the hospitality company on its blog, claiming to have stolen more than 800,000 records containing employees' Social Security numbers and other private details. The extortionists set a February 23 deadline for Wynn to "reach out" and threatened to leak the data, "along with several annoying (digital) problems that'll come your way," if the resort chain did not comply with the demands.
Samples of the stolen data seen by The Register contain employees' full names, emails, phone numbers, positions, salaries, start dates, birthdays, and other personal information.
[1]
Wynn Resorts, which owns five resorts, 81 restaurants, and 200 high-end retail outlets, did not immediately respond to The Register 's inquiries. We will update this story when we hear back from the company.
[2]
[3]
ShinyHunters set a fee of 22.34 Bitcoin (about $1.5 million) as the "starting price" for the stolen files, according to a spokesperson for the crime group, who told The Register that the digital intruders gained initial access to Wynn's systems in September 2025 via an Oracle PeopleSoft vulnerability using an employee's credentials.
[4]ShinyHunters claims it drove off with 1.7M CarGurus records
[5]A tale of 2 casino ransomware attacks: One paid out, one did not
[6]Canada Goose ruffles feathers over 600K record dump, says leak is old news
[7]ShinyHunters swipes right on 10M records in alleged dating app data grab
Shiny declined to say if it got the Wynn employee to give up the credentials via a social engineering trick, or simply paid the individual for access. The group has previously used Telegram to solicit insider access, and in one case reportedly [8]claimed it agreed to pay a CrowdStrike employee $25,000 for access, though the security shop said no systems were breached.
The claimed Wynn Resorts breach follows a [9]slew of recent ShinyHunters intrusions , several of which [10]involved voice phishing to obtain single-sign-on codes from users of Okta, Microsoft, and Google services.
It's also notable that nearly three years ago, a group with [11]ties to ShinyHunters ' crime collaborative [12]hacked two other major Vegas hotel and casino chains: [13]Caesars Entertainment and [14]MGM Resorts .
[15]
In late 2023, Scattered Spider abused Okta SSO codes and [16]help-desk calls to break into both resort chains' networks, deployed ransomware on their networks, and stole data belonging to tens of thousands of customers.
In September 2025, Las Vegas cops [17]cuffed a teen linked to the casino hacks shortly after British police [18]arrested two other teens accused of being members of the notorious cybercrime gang.
At least [19]seven other suspected Scattered Spider members were arrested in 2024 as part of wider probes following the Las Vegas resort intrusions. ®
Get our [20]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aZjnkM7BH6GFd-7mXQa8FgAAAMs&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZjnkM7BH6GFd-7mXQa8FgAAAMs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZjnkM7BH6GFd-7mXQa8FgAAAMs&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://www.theregister.com/2026/02/18/shinyhunters_cargurus_breach/
[5] https://www.theregister.com/2023/12/28/casino_ransomware_attacks/
[6] https://www.theregister.com/2026/02/16/canada_goose_shinyhunters/
[7] https://www.theregister.com/2026/01/29/shinyhunters_match_group/
[8] https://www.bleepingcomputer.com/news/security/crowdstrike-catches-insider-feeding-information-to-hackers/
[9] https://www.theregister.com/2026/02/18/shinyhunters_cargurus_breach/
[10] https://www.theregister.com/2026/01/22/crims_sell_voice_phishing_kits/
[11] https://www.theregister.com/2025/08/12/scattered_spidershinyhunterslapsus_cybercrime_collab/
[12] https://www.theregister.com/2023/12/28/casino_ransomware_attacks/
[13] https://www.theregister.com/2023/09/14/caesars_mgm_hacks/
[14] https://www.theregister.com/2023/09/11/mgm_resorts_cybersecurity_incident/
[15] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZjnkM7BH6GFd-7mXQa8FgAAAMs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[16] https://www.theregister.com/2025/05/18/ex_nsa_scattered_spider_call/
[17] https://www.theregister.com/2025/09/22/teen_cuffed_scattered_spider_casino/
[18] https://www.theregister.com/2025/09/18/two_teens_charged_in_tfl_case/
[19] https://www.theregister.com/2025/04/08/scattered_spider_updates/
[20] https://whitepapers.theregister.com/