- ShinyHunters Claims Wynn Resorts Breach, Leaking Records of 800,000 Employees
- Group asks for 23.34 Bitcoins (~$1.55 million) to delete stolen data
- Access allegedly gained via Oracle PeopleSoft vulnerability using employee credentials
Infamous ransomware operators ShinyHunters appear to have hit another Las Vegas hotel and casino giant, as after Caesars Entertainment and MGM Resorts (which were hit in September 2023), the group now appears to have Wynn Resorts.
The group recently added Wynn to its data leak website, saying it had obtained more than 800,000 records and shared a small sample to prove the authenticity of its claims – giving Wynn a deadline of February 23, 2026 to either pay or see the leaked data on the dark web.
The hackers are asking for 23.34 Bitcoins, or approximately $1.55 million, in exchange for deleting the data, which they consider the “starting price”, suggesting they are willing to negotiate a lesser sum.
In the meantime, the sample was analyzed by researchers from The registerand allegedly contains the full names, email addresses, phone numbers, positions, salaries, start dates, dates of birth and “other personal information” of Wynn Resorts employees.
This is more than enough to create very convincing phishing emails through which attackers can steal login credentials, carry out wire fraud, and more.
The hotel has not yet released a statement regarding these allegations, nor has it responded to media inquiries. We do not know exactly how the incident occurred: either because of credential theft or because of a vulnerability in hardware connected to the Internet such as firewalls.
ShinyHunters is one of the most active threat actors currently, having recently broken into dozens of organizations through vishing (voice phishing) scams. They would impersonate tech support or IT agents and trick the victim into resetting their 2FA and login credentials, then gain access to the system through Okta single sign-on or a similar service.
In this case, however, a group member said The register they accessed Wynn’s systems in September 2025 via an Oracle PeopleSoft vulnerability using an employee’s credentials.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
