- ShinyHunters claims breach at Wynn Resorts, leaking 800,000 employee records
- The group demands 23.34 Bitcoin (~$1.55 million) to delete stolen data
- Access allegedly gained via Oracle PeopleSoft vulnerability using employee credentials
Notorious ransomware operators ShinyHunters appear to have hit another Las Vegas hotel and casino giant: after Caesars Entertainment and MGM Resorts (which was hit in September 2023), the group now apparently has Wynn Resorts.
The group recently added Wynn to its data leak website, saying it had obtained more than 800,000 records, and shared a small sample to prove the authenticity of its claims — giving Wynn a deadline of February 23, 2026 to either pay up or see the data leaked on the dark web.
The hackers are asking for 23.34 Bitcoin, equivalent to about $1.55 million, in exchange for deleting the data. They call this the “starting price”, suggesting they are ready to negotiate a smaller sum.
Meanwhile, the sample was analyzed by researchers at The Register and allegedly contains Wynn Resorts employees’ full names, emails, phone numbers, positions, salaries, start dates, birth dates and “other personal information.”
This is more than enough to create very convincing phishing emails through which attackers can steal login credentials, perform wire fraud, and more.
The hotel has not yet issued a statement about the allegations, nor has it responded to media inquiries. We don’t know exactly how the incident occurred – it was either through stolen credentials or through a vulnerability in Internet-connected hardware such as firewalls.
ShinyHunters is currently one of the most active threat actors, having recently broken into dozens of organizations through vishing (voice phishing) scams. They would impersonate tech support or IT operators and trick the victim into resetting their 2FA and login credentials and then access the system via Okta single sign-on or a similar service.
In this case, however, a member of the group told The Register they gained access to Wynn’s systems in September 2025 via an Oracle PeopleSoft vulnerability using an employee’s credentials.



