Friday, July 11, 2008

Was MGMGrand.Com Hacked?

(UPDATE, 7:29 p.m. PT: MGM Mirage brass are looking into this, promised they'd get back to me. May not be tonight, though.)

There's an online uproar today after several people booked stays at the MGM Grand at a special $69-per-night room rate only to learn that MGM Grand says they were hacked. Folks who booked under the "Ultimate Escape" deal, which other users posted on various message boards after they found it, offered the $69 (that might've been a clue?) rate for any days, including weekends and holidays, and 25 percent off on Ka tickets.

One reader of this blog wrote in to say he booked for 8/29-9/1 for a total cost of $225.63 and printed out his confirmation. But now folks are being contacted and informed that someone hacked into the hotel's site and altered the prices or set up this bogus special offer. My letter-writer says some who call to complain are being offered $20 discounts instead.

Here is a sample of the e-mail customers are receiving:

Dear Valued Guest:

It has come to our attention that you booked a reservation on the MGM Grand website using promotion code SDM060. Please be advised that this is an invalid promotion code, which you did not receive from MGM Grand Hotel.

As a result, we are not able to honor your reservation. Please be advised that your reservation has been cancelled and any deposits have been refunded to your credit card. We sincerely apologize for any inconvenience this may have caused you.

We certainly welcome your business and invite you to book your reservation through our website or by contacting our room reservations department at (800) 929-1111. If you are a current MGM Mirage
Players Club Card member, please contact our VIP services department to book your reservation at (800) 929-9410. Once again, thank you for your interest in MGM Grand. We hope to welcome you in the future.


MGM Grand Reservations Department

Here's the thing: If MGMGrand.Com was hacked so thoroughly that someone could actually set up special room rates, that is a security breach of gigantic proportions. It would be assumed that whoever could get into the system to that degree also would have obtained customer credit card information and other jeopardizing bits and pieces. I'm no tech geek -- I just play one in the media -- but it seems strange that such a sophisticated hacker would go through all that trouble just to offer the world a lower room rate that's actually not even that much lower than some of the deals that are being offered in these troubled economic times. (There are MGM Grand rooms available in August for $80. The Ka discount actually exists, at least for July.)

I'm very dubious of this hacker explanation. It just doesn't make sense. Isn't it far more likely that someone at MGMGrand.Com keyed in the wrong price and the company realized it after several people had taken advantage of it?

Logic tells me that's the far more likely scenario. Since when are hackers of that magnitude after chump change like a $30 room discount for all? Wouldn't a hacker do other damage to the site as well, maybe something naughty that could get the casino in trouble with the gaming control board?

What's more, ought it be the customer's fault and problem if a major Fortune 500 company is incapable of securing its Web site? What of tourists who, sniffing out a great deal, went ahead and bought non-refundable plane tickets? This isn't some gas station that accidentally sells 41-cent-a-gallon gas when they meant $4.10, y'know? And, furthermore, if they're admitting to having been hacked, don't you think they ought to be trying really, really hard to reassure those people who forked over credit card information that they've got the situation under control and, if they try to book at MGMGrand.Com again, their information is safe and the booking will be legit? This letter to their "valued customers" does no reassuring whatsoever. It almost has an accusatory tone -- "which you did not receive from MGM Grand Hotel" -- as if the customers ought to have known better than to cause their Web folk all this darned trouble.

I'm going to see about getting MGM Mirage comment, although its late on Friday, so it may not be doable.



Anonymous said...

I call Shenanigans and agree with you Steve. I would say the "Hack" explanation is just some MGM Reservations agent pulling an answer out the Sky (Or somewhere else)

The SDM060 code is a format MGM has used all the Grand Offers, just Google SDM0xx and replace xx with a two digit number and you will see old offers from MGM.

And yes I lost out also, I had a Sat 7/19 Night Stay Booked, as I am arriving late, not kicking up a Stink though...


David - did you buy an airline ticket based on your booking? Also, why not come in Aug instead for the Vegas Podcast-a-Palooza!??!

Anonymous said...


No, I was already booked to fly in Saturday Night direct from a Business assignment in Mass. I will be in the Skylofts for the rest of the week (why I am not making a fuss), I just needed something cheap and cheerful as I won't arrive in LV until 11pm, Mrs David F. flies in the Next Morning. What I must check is how quickly they refund my card for the 1 night deposit.

And I would Seriously have done Podcast-a-Palooza, but I will be in Charleston, WV Round trip from there to LAS is $500 For the weekend :-(

Anonymous said...

I work in the online division of a major bank and I also find the explanation of a "hacker" to be dubious. Unless their definition of hacker is an insider or former disgruntled IT worker who still had access. Or maybe a contractor. If it truly was an outside breach than it certainly calls into question the security of the site not to mention the potential for fraud. If a hacker can access the reservation system then they should be able to access the credit card info of guests which would be a major security issue. I personally would not use MGM Grand's online system until a better explanation is provided.

Russell said...

I booked the offer as soon as I saw it on I called the next day to ask why my credit card hadn't been charged. Turns out they canceled my reservation without telling me.

A customer service escalation and I got 110 a night and a "free" upgrade to a Bungalow Suite. Not sure if I got a good deal or not.

I'm currently writing a Executive Carpet Bomb letter that will be mailed to the management team at MGM Grand, emailed to Consumerist, and post everywhere I can.

Anonymous said...

Where exactly did MGM say they were "hacked"? All they say is that it is an invalid promotion code that "you did not receive from MGM Grand".

My guess is that the code was sent out to invite specific targeted individuals only, one of whom took it upon him/herself to pass it on to the rest of the world. If MGM had the foresight to add fine print saying the offer is "Non-Transferable" then there is little to no recourse for anyone who tried to book it who was not specifically invited to do so.

S said...

To answer the question of "where did MGM say they were hacked?" - when people called to inquire about their canceled reservations they were being told that the system had been hacked. MANY people were told this and these people have reported this back to their various message boards.

I'm still waiting for an explanation as to why I was told directly from the MGM that I was eligible for that deal and that I could go ahead and book it (and cancel my previous reservation). The link to book this rate was a public link that did not ask for any specific identifier other than having to show your players club card at check in. It was MGM's error and they have angered a lot of people by not honoring the reservations made in the 16 hours it was up.