"On Friday, the cybercrime crew listed the hospitality company on its blog, claiming to have stolen more than 800,000 records containing employees' Social Security numbers and other private details. The extortionists set a February 23 deadline for Wynn to "reach out" and threatened to leak the data, "along with several annoying (digital) problems that'll come your way," if the resort chain did not comply with the demands."
"ShinyHunters set a fee of 22.34 Bitcoin (about $1.5 million) as the "starting price" for the stolen files, according to a spokesperson for the crime group, who told The Register that the digital intruders gained initial access to Wynn's systems in September 2025 via an Oracle PeopleSoft vulnerability using an employee's credentials. Shiny declined to say if it got the Wynn employee to give up the credentials via a social engineering trick, or simply paid the individual for access."
ShinyHunters claims to have stolen more than 800,000 Wynn Resorts employee records that include Social Security numbers and other private details. The extortionists set a February 23 deadline and threatened to leak the data and cause additional digital disruptions if demands are not met. Samples of the stolen files contain full names, emails, phone numbers, positions, salaries, start dates, and birthdays. Wynn Resorts owns multiple resorts, restaurants, and retail outlets and did not immediately respond to inquiries. ShinyHunters set a 22.34 Bitcoin (≈$1.5M) starting price, claiming initial access in September 2025 via an Oracle PeopleSoft vulnerability using employee credentials. The group has solicited insider access via Telegram and has previously used voice phishing to obtain single-sign-on codes.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]