Ransomware

Cybersecurity Dive / Chainalysis / McGriff

📅 2023-08-18 🏢 Caesars Entertainment loyalty program database / Okta 🦠 Scattered Spider ransomware

Incident Details

Scattered Spider targeted Caesars' outsourced IT support vendor on Aug 18 2023 via voice phishing, convincing the vendor to hand over Okta credentials. Within days the group accessed a 6TB loyalty program database with SSNs and driver's licenses of 65M+ rewards members. A $30M ransom was demanded; Caesars paid $15M in cryptocurrency. The breach was discovered Sept 7 and an SEC 8-K was filed. Unlike at MGM (same group, same week), the quick ransom payment avoided operational disruption. The FBI was involved; Chainalysis tracked the ransom funds.

Technical Details

Initial Attack Vector
CWE-1390: Weak Authentication (vishing / voice phishing social engineering of outsourced IT vendor to bypass Okta MFA)
Vendor / Product
Caesars Entertainment loyalty program database / Okta
Malware Family
Scattered Spider ransomware

Timeline

  1. 2023-08-18 Breach occurred
  2. 2023-09-07 Publicly disclosed
  3. 2023-09-14 Customers notified