The full extent of the damage remains unclear. MGM and Caesars both use the service, and the company confirmed hackers were able to use its tech as an access vector. The attacks both started through identity management vendor Okta.
Scattered Spider also took credit for the MGM attack, but responsibility is notoriously difficult to verify without security researchers because hackers are motivated to claim as much damage as they can. Another ransomware group, Scattered Spider, took credit for that attack. But unlike MGM, Caesars reportedly paid 'tens of millions of dollars' to the hackers that threatened to release company data to avoid damage. After the MGM attack went public, reports started surfacing that competitor Caesars Entertainment, which also owns casinos across the Las Vegas strip, recently suffered a similar attack.