A teenage hacker accused of playing a role in the $100 million cyberattack that rattled Las Vegas casinos in 2023 has been arrested. Here’s everything we know about the shocking breach, the shadowy group behind it, and how one call was enough to bring a casino giant to its knees.
Las Vegas cyberattack probe leads to arrest of teen suspect
Authorities have taken a teenage boy into custody for his alleged role in a sophisticated cyberattack that targeted major Las Vegas casinos, including MGM Resorts and Caesars Entertainment, and inflicted financial damages in the hundreds of millions. Because he is a minor, officials have not disclosed his identity.
According to the Las Vegas Metropolitan Police Department (LVMPD), the attack unfolded over several weeks between August and October 2023. Investigators traced the breach to a notorious cybercriminal collective known by several aliases, including “Scattered Spider,” “Octo Tempest,” “UNC3944,” and “Oktapus,” of which the arrested teen is believed to have been a member.
The FBI’s Cyber Task Force—working in partnership with LVMPD’s Cyber Investigative Group—took over the case and eventually identified the suspect. On September 17, the teen surrendered himself at the Clark County Juvenile Detention Center.
Prosecutors are now weighing whether to charge him as an adult. If they proceed, he could face multiple counts, including extortion, identity theft with intent to cause harm, or impersonation, and computer-related crimes.
Inside the massive casino breaches that shook Vegas in 2023
The cyberattacks that crippled MGM Resorts and Caesars Entertainment were shockingly simple. In the case of MGM Resorts, which runs iconic properties like MGM Grand and Bellagio, the suspected hacker group managed to breach its systems with a basic social engineering trick. According to SFGATE, the hackers found an employee on LinkedIn, impersonated them in a call to the IT department, and requested a password reset. Just ten minutes later, they were inside MGM’s network.
Once in, the hackers unleashed chaos: they disabled slot machines and hotel key cards, blocked employee email access, and made it impossible to book reservations. The fallout was massive, with MGM claiming an estimated $100 million in losses in a filing with the Securities and Exchange Commission.
Around the same time, Caesars Entertainment disclosed in its own SEC filing that it had also been hit. While the financial toll remains unclear, the attack on Caesars was focused on data theft. The company admitted that hackers had accessed sensitive customer information, including driver’s licenses and Social Security numbers belonging to members of its loyalty program.
Although Caesars did not disclose the financial fallout, it acknowledged in a public statement that it had “taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result.” As NBC News noted, cybersecurity analysts largely interpreted this as confirmation that Caesars had paid a ransom to prevent the release of the compromised data.