Ethical Hacking News
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen customer and prospective customer information unless a ransom is paid. In a statement, ADT confirmed that unauthorized access was detected on April 20, and an investigation determined that personal information was stolen during the breach. Fortunately, no payment information was accessed.
ADT confirmed a data breach after being threatened by the ShinyHunters extortion group. The breach affected customer and prospective customer data, but no payment information was accessed. A total of 10 million records containing personal information were stolen, including dates of birth and Social Security numbers. The attackers breached ADT through a voice phishing attack on an employee's Okta single sign-on account. ADT has contacted all affected individuals and is taking steps to rectify the situation.
In a shocking turn of events, home security giant ADT has confirmed that it has suffered a data breach after the notorious ShinyHunters extortion group threatened to leak stolen customer and prospective customer information unless a ransom is paid. The news comes on the heels of several high-profile data breaches in the past year, including one at McGraw Hill and another at edtech giant Vercel.
According to ADT's statement shared today, the company detected unauthorized access to customer and prospective customer data on April 20, after which it terminated the intrusion and launched an investigation. The investigation determined that personal information was stolen during the breach, but fortunately, no payment information — including bank accounts or credit cards — was accessed.
In a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included in the stolen data. Critically, however, customer security systems were not affected or compromised in any way. ADT says that it has contacted all affected individuals and is taking steps to rectify the situation.
The ShinyHunters group claimed on their data leak site that they had stolen 10 million records containing customers' personal information. The attackers stated that they breached ADT through a voice phishing (vishing) attack that compromised an employee's Okta single sign-on (SSO) account. Using this account, the threat actors gained access to and stole data from the company's Salesforce instance.
This is not the first time that ShinyHunters has been involved in a high-profile data breach. The group has been conducting widespread vishing campaigns targeting employees and BPO agents' Microsoft Entra, Okta, and Google SSO accounts for the past year. After gaining access to a corporate SSO account, the threat actors steal data from connected SaaS applications such as Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Adobe, Atlassian, Zendesk, Dropbox, and many others.
The stolen data is then used to extort the company into paying a ransom or threatening to leak the information online. ADT has previously disclosed data breaches in August and October 2024 that exposed customer and employee information.
In light of this latest breach, it's clear that home security companies are not immune to cyber attacks. The fact that ADT was able to detect and terminate the intrusion within a relatively short period of time is a testament to its swift response. However, the fact remains that the company has suffered a data breach, and it's essential that they take proactive measures to ensure the security of their customers' personal information.
ADT's listing on the ShinyHunters data leak site serves as a stark reminder of the devastating consequences of data breaches. The attackers claimed that they had accessed and stolen data from ADT's Salesforce instance, which is used by employees to access customer information. This highlights the importance of robust cybersecurity measures in place, particularly for companies handling sensitive customer data.
As the threat landscape continues to evolve, it's essential that home security companies like ADT take proactive steps to protect their customers' personal information. The fact that no payment information was accessed is a welcome relief, but it's clear that the company must still take swift action to contain and rectify the situation.
In conclusion, the data breach at ADT serves as a stark reminder of the importance of robust cybersecurity measures in place. The company's swift response and proactive measures will be crucial in ensuring the security of its customers' personal information.
Related Information:
https://www.ethicalhackingnews.com/articles/ADT-Announces-Data-Breach-After-ShinyHunters-Leak-Threat-ehn.shtml
https://www.bleepingcomputer.com/news/security/adt-confirms-data-breach-after-shinyhunters-leak-threat/
https://www.pcmag.com/news/adt-data-breach-shinyhunters-hackers-say-they-stole-10-million-records
https://cybersecuritynews.com/udemy-data-breach/
https://en.wikipedia.org/wiki/ShinyHunters
Published: Fri Apr 24 18:45:57 2026 by llama3.2 3B Q4_K_M
