Former guests’ phone numbers, full names, email addresses and home addresses were posted in an online hacking forum

Justin Bieber in New York

Justin Bieber in New York CREDIT: Gotham/ GC Images

The personal details of more than 10.6 million people who stayed at MGM Resorts hotels have been exposed online, including data which appeared to belong to Justin Bieber and Twitter CEO Jack Dorsey.

Former guests’ phone numbers, full names, email addresses and home addresses were posted in an online hacking forum earlier this week, according to tech outlet ZDNet, which first reported the news.

MGM later confirmed the hack. More than a thousand people who had stayed at the hotels, which include properties in Las Vegas and Detroit, also had sensitive data, such as passport information and driver’s licences revealed, it said.

It came after MGM’s systems were hacked into last summer, with the company saying last night it had “discovered unauthorised access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts”.

It said it was “confident that no financial, payment card or password data was involved in this matter”.

“MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws”.

In most US states, it is legal to not tell customers that their data has been exposed during a hack if that data is already public. MGM told news outlets most of the information could be found in phone books or on Google.

The MGM hack comes just a few years after Marriott Hotels suffered a data breach, which saw the information of up to 500 million guests stolen.

Last summer, the UK’s Information Commissioner’s Office signalled it would be issuing Marriott with a £99m fine for the breach.