Popstar Justin Bieber and Twitter founder Jack Dorsey are believed to be among 10.6m people who had their data leaked after MGM Resorts was hacked last year.
Names, addresses and passport numbers featured among the details stolen from former guests of the chain, which owns a string of hotels in Las Vegas and around the world.
The stolen information, which is believed to impact people staying at the resort up until 2017, was posted on a hacking forum earlier this week, ZDNet reported.
Top chief executives, journalists and government officials and members of the public were all spotted in the data dump, though MGM would not confirm names or the number of people affected.
The resort group ZDNet that the leak related to a security incident that took place last year.
“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts,” a spokesperson said.
“We are confident that no financial, payment card or password data was involved in this matter.”
MGM said it notified all affected guests about the incident in accordance with state laws.
The hotel group also told the website that it had hired two cybersecurity forensics firms to conduct an internal investigation into the server exposure.
“At MGM Resorts, we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again,” the company said.
Robert Ramsden-Board, vice president for EMEA at cybersecurity firm Securonix, said: “Given the sensitive nature of the information exposed in this leak, and the fact that this database has been discovered on a criminal hacking site, the security and privacy consequences for those whose data had been exposed could be huge.
“Individuals affected will incur a heightened risk of experiencing threats such as identity theft and phishing scams.”
MGM controls 13 hotels along the Las Vegas strip, as well as other venues across the US, in China and in Japan.
Despite the scale of the hack, it is not the largest cyber attack on a hotel chain. In 2017 information belonging to 500m customers of Marriott International were exposed in a cyber attack.
The UK’s data watchdog last year announced its intention to fine Marriott £99m for its handling of the breach.