---
title: "ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data"
description: "Wynn Resorts is facing extortion from the cybercrime group ShinyHunters, which claims to have stolen over 800,000 employee records, including Social Security numbers. The group demands $1.5 million in"
type: "news"
locale: "en"
url: "https://longbridge.com/en/news/276519440.md"
published_at: "2026-02-21T19:47:17.000Z"
---

# ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data

> Wynn Resorts is facing extortion from the cybercrime group ShinyHunters, which claims to have stolen over 800,000 employee records, including Social Security numbers. The group demands $1.5 million in Bitcoin to prevent the data leak, threatening further digital issues if their demands are not met by February 23. ShinyHunters gained access to Wynn's systems through an Oracle PeopleSoft vulnerability. This incident follows previous attacks on other major Vegas casinos by the same group, highlighting ongoing cybersecurity threats in the hospitality industry.

Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters.

On Friday, the cybercrime crew listed the hospitality company on its blog, claiming to have stolen more than 800,000 records containing employees' Social Security numbers and other private details. The extortionists set a February 23 deadline for Wynn to "reach out" and threatened to leak the data, "along with several annoying (digital) problems that'll come your way," if the resort chain did not comply with the demands.

Samples of the stolen data seen by *The Register* contain employees' full names, emails, phone numbers, positions, salaries, start dates, birthdays, and other personal information.

Wynn Resorts, which owns five resorts, 81 restaurants, and 200 high-end retail outlets, did not immediately respond to *The Register*'s inquiries. We will update this story when we hear back from the company.

ShinyHunters set a fee of 22.34 Bitcoin (about $1.5 million) as the "starting price" for the stolen files, according to a spokesperson for the crime group, who told *The Register* that the digital intruders gained initial access to Wynn's systems in September 2025 via an Oracle PeopleSoft vulnerability using an employee's credentials.

Shiny declined to say if it got the Wynn employee to give up the credentials via a social engineering trick, or simply paid the individual for access. The group has previously used Telegram to solicit insider access, and in one case reportedly claimed it agreed to pay a CrowdStrike employee $25,000 for access, though the security shop said no systems were breached.

The claimed Wynn Resorts breach follows a slew of recent ShinyHunters intrusions, several of which involved voice phishing to obtain single-sign-on codes from users of Okta, Microsoft, and Google services.

It's also notable that nearly three years ago, a group with ties to ShinyHunters' crime collaborative hacked two other major Vegas hotel and casino chains: Caesars Entertainment and MGM Resorts.

In late 2023, Scattered Spider abused Okta SSO codes and help-desk calls to break into both resort chains' networks, deployed ransomware on their networks, and stole data belonging to tens of thousands of customers.

In September 2025, Las Vegas cops cuffed a teen linked to the casino hacks shortly after British police arrested two other teens accused of being members of the notorious cybercrime gang.

At least seven other suspected Scattered Spider members were arrested in 2024 as part of wider probes following the Las Vegas resort intrusions. ®

### Related Stocks

- [WYNN.US - Wynn Resorts](https://longbridge.com/en/quote/WYNN.US.md)
- [ORCX.US - Defiance Daily Target 2X Long ORCL ETF](https://longbridge.com/en/quote/ORCX.US.md)
- [ORCL.US - Oracle](https://longbridge.com/en/quote/ORCL.US.md)
- [BEDZ.US - AdvisorShares Hotel ETF](https://longbridge.com/en/quote/BEDZ.US.md)

## Related News & Research

| Title | Description | URL |
|-------|-------------|-----|
| ShinyHunters 要求 150 萬美元以避免泄露拉斯維加斯賭場和度假村連鎖的數據 | 永利度假正面臨來自網絡犯罪團伙 ShinyHunters 的勒索，該團伙聲稱已盜取超過 80 萬名員工的記錄，包括社會安全號碼。該團伙要求支付 150 萬美元的比特幣，威脅如果不滿足他們的要求，將在 2 月 23 日之前泄露數據。Shiny | [Link](https://longbridge.com/en/news/276474683.md) |
| 研究警示：CFRA 維持對永利度假股份的買入評級 | CFRA 對永利度假（Wynn Resorts，WYNN）維持買入評級，12 個月目標價為 155 美元，基於調整後 EBITDA 估計為 25 億美元的 10.3 倍。儘管 2025 年第四季度的業績喜憂參半，收入增長 1.5% 至 18 | [Link](https://longbridge.com/en/news/276146633.md) |
| 永利度假村第四季度的收入超出預期 | 永利度假報告第四季度營業收入為 18.7 億美元，超過分析師預期的 18.5 億美元，而調整後的每股收益為 0.82 美元，低於 1.17 美元的預估。公司在 Wynn Al Marjan Island 項目上取得進展，預計將在 2027  | [Link](https://longbridge.com/en/news/275807521.md) |
| Summitry LLC 收購了 5,460 股 Oracle 公司 $ORCL 的股票 | Summitry LLC 在第三季度將其在甲骨文公司（NYSE:ORCL）的持股增加了 173.7%，額外購買了 5,460 股，總持股達到 8,604 股，價值 242 萬美元。其他機構投資者也增加了他們的持股。內部人士 Mark Hur | [Link](https://longbridge.com/en/news/276057017.md) |
| Senzime 推出 TetraCom 連接平台，實現麻醉數據的通用傳輸 \| SNZZF 股票新聞 | Senzime AB 推出了 TetraCom 連接平台，使神經肌肉數據能夠普遍傳輸到醫院系統，如 Epic 和 Oracle Health。該創新平台具有硬件網關和基於雲的軟件，實現實時數據傳輸，增強了互操作性，無需定製集成。首席執行官  | [Link](https://longbridge.com/en/news/276314277.md) |

---

> **Disclaimer**: This article is for reference only and does not constitute any investment advice.