Ethical Hacking News
A recent data breach has exposed the personal information of over 5.5 million individuals, including unique email addresses, names, dates of birth, phone numbers, physical addresses, and partial government-issued IDs.
ADT is not the first company to be hit by ShinyHunters' attacks, but this latest breach highlights the importance of robust cybersecurity measures for companies handling sensitive customer information.
The incident serves as a reminder that cybercrime is an ever-evolving threat landscape that requires constant vigilance and proactive measures to protect ourselves and our organizations from devastating consequences.
ADT suffered a massive data breach exposing personal info of over 5.5 million individuals. The breach was attributed to the ShinyHunters extortion group, which claimed to have stolen 10 million records containing PII and ADT corporate data. No payment information was accessed, and customer security systems were not compromised. The breach occurred through a voice phishing (vishing) attack on an employee's Okta single sign-on account. ShinyHunters has been behind other widespread vishing campaigns targeting employees' and BPO agents' SSO accounts. The incident highlights the importance of robust cybersecurity measures for companies handling sensitive customer information.
Home security giant ADT has been hit by a massive data breach that exposed the personal information of over 5.5 million individuals, according to data breach notification service Have I Been Pwned. The breach occurred earlier this month and is attributed to the ShinyHunters extortion group, which claimed to have stolen over 10 million records containing personally identifiable information (PII) and ADT corporate data.
Founded in 1874 as American District Telegraph, ADT is the oldest and largest home security company in the United States, providing monitored security and smart home solutions to over 6 million residential and small-business customers. This is not the first time ADT has faced a data breach, as the company previously disclosed two other breaches in August 2024 and October 2024 that exposed employee and customer information.
According to ADT, the investigation confirmed that the information involved was limited to names, phone numbers, and addresses in a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included. Critically, no payment information — including bank accounts or credit cards — was accessed, and customer security systems were not affected or compromised in any way.
The ShinyHunters extortion group told BleepingComputer that they had allegedly breached the company after compromising an employee's Okta single sign-on (SSO) account in a voice phishing (vishing) attack. Using this employee account, the attackers said they gained access and stole data from the company's Salesforce instance.
ShinyHunters has been behind widespread vishing campaigns that began last year and target employees' and Business Process Outsourcing (BPO) agents' Microsoft Entra, Okta, and Google SSO accounts. After breaching corporate SSO accounts, they steal data from connected SaaS applications such as Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Adobe, Atlassian, Zendesk, Dropbox, and others.
This breach highlights the importance of robust cybersecurity measures for companies handling sensitive customer information. The incident also underscores the need for employees to be vigilant against phishing attacks and to report any suspicious activity promptly.
ADT has not disclosed the total number of affected individuals, but Have I Been Pwned analyzed the stolen data and said the breach exposed the data of 5.5 million people, including unique email addresses, names, dates of birth, phone numbers, physical addresses, and partial government-issued IDs.
The ShinyHunters extortion group has since leaked an 11GB archive of stolen data on its dark web leak site after failing to extort the company.
In recent weeks, other companies have been targeted by ShinyHunters, including the European Commission, Rockstar Games, edtech giant McGraw Hill, and, more recently, convenience store chain 7-Eleven, cruise line operator Carnival, fast fashion retailer Zara, and online training company Udemy.
The rise of these groups highlights a disturbing trend in cybercrime. Cybercriminals are using increasingly sophisticated tactics to target companies and individuals, often with devastating consequences.
As the threat landscape continues to evolve, it is essential for organizations and individuals to stay vigilant and take proactive steps to protect themselves from cyber threats.
By understanding the tactics used by these groups and implementing robust cybersecurity measures, we can reduce the risk of data breaches like this one and protect sensitive information from falling into the wrong hands.
Related Information:
https://www.ethicalhackingnews.com/articles/Home-Security-Giant-ADT-Hit-by-55-Million-Record-Data-Breach-ehn.shtml
https://www.bleepingcomputer.com/news/security/home-security-giant-adt-data-breach-affects-55-million-people/
Published: Mon Apr 27 09:49:10 2026 by llama3.2 3B Q4_K_M
