Residence safety big ADT has confirmed an information breach after the ShinyHunters extortion group threatened to leak stolen knowledge until a ransom is paid.
In an announcement shared right this moment, the corporate stated it detected unauthorized entry to buyer and potential buyer knowledge on April 20, after which it terminated the intrusion and launched an investigation.
This investigation decided that private info was stolen in the course of the breach.
“The investigation confirmed that the data concerned was restricted to names, cellphone numbers, and addresses,” ADT instructed BleepingComputer.
“In a small proportion of circumstances, dates of beginning and the final 4 digits of Social Safety numbers or Tax IDs have been included. Critically, no cost info — together with financial institution accounts or bank cards — was accessed, and buyer safety techniques weren’t affected or compromised in any manner.”
ADT says the intrusion was restricted and that it has contacted all affected people.
ShinyHunters leak web site itemizing
This assertion follows ADT’s itemizing on the ShinyHunters knowledge leak web site, the place attackers claimed to have stolen 10 million information containing prospects’ private info.
“Over 10M information containing PII and different inside company knowledge have been compromised. Pay or Leak,” reads the info leak web site.
“This can be a last warning to succeed in out by 27 Apr 2026 earlier than we leak together with a number of annoying (digital) issues that’ll come your manner.”
ADT didn’t affirm the quantity of knowledge theft claimed by the attackers.
ShinyHunters instructed BleepingComputer they allegedly breached ADT by means of a voice phishing (vishing) assault that compromised an worker’s Okta single sign-on (SSO) account. Utilizing this account, the risk actors claimed they accessed and stole knowledge from the corporate’s Salesforce occasion.
Since final yr, the extortion group has been conducting widespread vishing campaigns that focus on workers and BPO brokers’ Microsoft Entra, Okta, and Google SSO accounts.
After having access to a company SSO account, the risk actors steal knowledge from related SaaS functions corresponding to Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Adobe, Atlassian, Zendesk, Dropbox, and plenty of others.
This stolen knowledge is then used to extort the corporate into paying a ransom, or the info might be leaked.
ADT has beforehand disclosed knowledge breaches in August and October 2024 that uncovered buyer and worker info.
AI chained 4 zero-days into one exploit that bypassed each renderer and OS sandboxes. A wave of recent exploits is coming.
On the Autonomous Validation Summit (Might 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls maintain, and closes the remediation loop.
