LAS VEGAS (KLAS) — With limited information coming from MGM Resorts and the FBI, speculation has begun on some tech and media websites about who is behind the hack that has disrupted Nevada’s largest employer.

Reports on Forbes, Gizmodo and Engadget are citing social media posts on X (formerly Twitter) that a group known as ALPHV, also known as BlackCat, compromised MGM Resorts through a simple phone call impersonating an employee on the IT staff. The found an employee to impersonate by searching through LinkedIn. A 10-minute phone call allowed the compromise

All of these reports cite a thread on X by vx-underground, identified by Forbes as a malware research group with nearly 229,000 followers.

“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,” vx-underground said on X. “A company valued at $33,900,000,000 was defeated by a 10-minute conversation.”

A source quoted by Forbes speculated that ALPHV initiated a ransomware attack on MGM. “The fact that everything’s down,” Alex Hammerstone of TrustedSec, an Ohio-based cybersecurity firm, told Forbes. “I mean, if you’re going to go in stealthily and steal data and then do something with it, everything wouldn’t be down.”

Vx-underground speculated in a post Tuesday evening that MGM wouldn’t pay.

On Wednesday, MGM posted a note at that the website is currently unavailable.

The note advised visitors to use the MGM Rewards App for reservations. It also guided customers to other websites to by tickets to some events. “To make a reservation for a resident artist, production show, or attraction please visit To purchase tickets for Las Vegas Aces, Vegas Golden Knights or a concert event at an Arena please visit”

The resort company is trying to adjust as customers run into problems.

“You don’t know what you are dealing with — you don’t know how much is compromised,” said Mary Jo Helaner, visiting the Bellagio Resort & Casino from Ohio. “The most frustrating thing for me is MGM saying it’s business as usual.”

Other guests expressed concern, saying some had received strange text messages, and even in some cases bank charges since the breach. No evidence has been uncovered that the messages or charges were related to the MGM cybersecurity issue. Still, guests say they were cautious about using their debit and credit cards at the resort.

“For hotel reservations arriving September 13-17, 2023, we understand your travel plans may have changed, so we are offering free changes and cancellations. Thank you for your loyalty to MGM Resorts and we look forward to welcoming you soon,” according to the note posted on the company’s website.

After the “cybersecurity issue” was initially reported to the public on Monday morning, MGM has been relying on X and other social media platforms to keep customers informed.

On Wednesday, a paper note was handed to guests at MGM’s Bellagio property, saying that issues impacting the resort’s internal network were affecting the MGM Resorts Mobile App, website, and other systems. The note said that room access would require a physical key card, hotel phones were inoperable, credits for gameplay with the use of an MGM Rewards card would be credited back to player accounts at a later time, and restaurant reservations were encouraged to be made in person.

Additionally, the note said that slot machine ticket-in and ticket-out systems may be offline, and that should a ticket not be accepted at a machine, it should be redeemed with a cashier. The note went on to say there could be delays in cashing out some slot machines.

“We have increased our staffing throughout the property to ensure your needs are addressed,” the note said. “We apologize for any inconvenience.”

MGM Resorts International has about 75,000 employees on its Nevada payroll, far more than the second-largest gaming operator in the state, Caesars Entertainment, which has about 54,000 employees.

MGM operates Bellagio, Aria, The Cosmopolitan Las Vegas, MGM Grand, Mandalay Bay, Park MGM, NoMad Las Vegas, New York-New York, Luxor and Excalibur.