- ShinyHunters reports breach by Wynn Resorts and leaks 800,000 employee records
- Group demands 23.34 Bitcoin (~$1.55 million) to delete stolen data
- Access Allegedly Gained Through Oracle PeopleSoft Vulnerability Using Employee Credentials
The infamous ShinyHunters ransomware operators appear to have hit another Las Vegas hotel and casino giant, as after Caesars Entertainment and MGM Resorts (which were attacked in September 2023), the group apparently now has Wynn Resorts.
The group recently added Wynn to its data breach website, saying it had obtained more than 800,000 records and shared a small sample to prove the authenticity of its claims, giving Wynn a deadline of February 23, 2026 to pay or view the leaked data on the dark web.
The hackers are asking for 23.34 Bitcoin, which is roughly equivalent to $1.55 million, in exchange for deleting the data, which they say is the “starting price,” suggesting they are willing to negotiate a lower sum.
Meanwhile, the sample was analyzed by researchers from The Registryand allegedly contains the full names, emails, phone numbers, positions, salaries, start dates, birth dates and “other personal information” of Wynn Resorts employees.
This is more than enough to create very convincing phishing emails through which attackers can steal login credentials, conduct phishing, and more.
The hotel has yet to issue a statement on the claims or respond to media inquiries. We don’t know exactly how the incident occurred: it was either through stolen credentials or through a vulnerability in Internet-connected hardware, such as firewalls.
ShinyHunters is currently one of the most active threat actors, having recently broken into dozens of organizations via vishing (voice phishing) scams. They would pose as tech support or IT operators and trick the victim into resetting their 2FA and login credentials, and then access the system through Okta single sign-on or a similar service.
In this case, however, one member of the group said The Registry They accessed Wynn’s systems in September 2025 through an Oracle PeopleSoft vulnerability using an employee’s credentials.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
