ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data
The Register
February 20, 2026
AI-Generated Deep Dive Summary
ShinyHunters, a notorious cybercrime group, has targeted Wynn Resorts, one of Las Vegas's leading hospitality and casino chains, demanding $1.5 million in cryptocurrency to prevent the release of stolen data. The gang claims to have accessed over 800,000 records containing sensitive employee information, including Social Security numbers, salaries, phone numbers, and birthdays. Wynn Resorts has yet to respond to the extortion demand, which includes a February 23 deadline. If the resort chain fails to comply, ShinyHunters threatens to leak the data and cause further digital disruptions.
The breach occurred in September 2025 through an Oracle PeopleSoft vulnerability, with attackers using an employee's credentials to infiltrate Wynn's systems. This incident follows a series of similar attacks by ShinyHunters on major casino chains like Caesars Entertainment and MGM Resorts, which were previously targeted in late 2023 via Okta SSO code phishing. The group has also been linked to Scattered Spider, another cybercrime collective known for deploying ransomware and stealing customer data.
ShinyHunters' tactics often involve social engineering, such as offering insider access or bribing employees for credentials. In one case, they reportedly offered a CrowdStrike employee $25,000 for access to their systems, though no breach occurred. The group has also used Telegram to solicit insider information and has been involved in voice phishing attacks targeting Okta, Microsoft, and Google users.
This latest attack highlights the growing threat of cyber extortion groups like ShinyHunters, which have targeted major industries including hospitality and gaming. Their ability to exploit vulnerabilities and manipulate employees underscores the importance of robust cybersecurity measures, especially for large organizations handling sensitive data. The case also raises concerns about the long-term impact of such breaches on businesses and individuals.
For tech readers, this story emphasizes the need for vigilance against social engineering attempts and the importance of securing single-sign-on systems. Additionally, it underscores the ongoing challenge of combating cybercrime groups that continue to evolve their methods while targeting high-profile industries. Wynn Resorts' silence so far leaves questions about
Verticals
tech
Originally published on The Register on 2/20/2026