ShinyHunters demands $1.5M not to leak Wynn Resorts data • The Register
https://www.theregister.com/2026/02/20/shinyhunters_wynn_resorts/
Publish Date: 2026-02-20 13:27:00
Source Domain: www.theregister.com
Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters.
On Friday, the cybercrime crew listed the hospitality company on its blog, claiming to have stolen more than 800,000 records containing employees’ Social Security numbers and other private details. The extortionists set a February 23 deadline for Wynn to “reach out” and threatened to leak the data, “along with several annoying (digital) problems that’ll come your way,” if the resort chain did not comply with the demands.
Samples of the stolen data seen by The Register contain employees’ full names, emails, phone numbers, positions, salaries, start dates, birthdays, and other personal information.
Wynn Resorts, which owns five resorts, 81 restaurants, and 200 high-end retail outlets, did not immediately respond to The Register’s inquiries. We will update this story when we hear back from the company.
ShinyHunters set a fee of 22.34 Bitcoin (about $1.5 million) as the “starting price” for the stolen files, according to a spokesperson for the crime group, who told The Register that the digital intruders gained initial access to Wynn’s systems in September 2025 via an Oracle PeopleSoft vulnerability using an employee’s credentials.
Shiny declined to say if it got the Wynn employee to give up the credentials via a social engineering trick, or simply paid the individual for access. The group has previously used Telegram to solicit insider access, and in one case reportedly claimed it agreed to pay a CrowdStrike employee $25,000 for access, though the security shop said no systems were breached.
The claimed Wynn Resorts breach follows a slew of recent ShinyHunters intrusions, several of which involved voice phishing to obtain single-sign-on codes from users of Okta, Microsoft, and Google services.
It’s also notable that…