Dwelling safety large ADT has confirmed a knowledge breach after the ShinyHunters extortion group threatened to leak stolen information until a ransom is paid.
In an announcement shared at the moment, the corporate stated it detected unauthorized entry to buyer and potential buyer information on April 20, after which it terminated the intrusion and launched an investigation.
This investigation decided that private info was stolen throughout the breach.
“The investigation confirmed that the data concerned was restricted to names, cellphone numbers, and addresses,” ADT instructed BleepingComputer.
“In a small share of circumstances, dates of beginning and the final 4 digits of Social Safety numbers or Tax IDs had been included. Critically, no cost info — together with financial institution accounts or bank cards — was accessed, and buyer safety methods weren’t affected or compromised in any manner.”
ADT says the intrusion was restricted and that it has contacted all affected people.
ShinyHunters leak web site itemizing
This assertion follows ADT’s itemizing on the ShinyHunters information leak web site, the place attackers claimed to have stolen 10 million information containing clients’ private info.
“Over 10M information containing PII and different inside company information have been compromised. Pay or Leak,” reads the info leak web site.
“It is a remaining warning to achieve out by 27 Apr 2026 earlier than we leak together with a number of annoying (digital) issues that’ll come your manner.”
ADT didn’t affirm the quantity of information theft claimed by the attackers.
ShinyHunters instructed BleepingComputer they allegedly breached ADT via a voice phishing (vishing) assault that compromised an worker’s Okta single sign-on (SSO) account. Utilizing this account, the risk actors claimed they accessed and stole information from the corporate’s Salesforce occasion.
Since final yr, the extortion group has been conducting widespread vishing campaigns that focus on staff and BPO brokers’ Microsoft Entra, Okta, and Google SSO accounts.
After getting access to a company SSO account, the risk actors steal information from related SaaS functions similar to Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Adobe, Atlassian, Zendesk, Dropbox, and lots of others.
This stolen information is then used to extort the corporate into paying a ransom, or the info might be leaked.
ADT has beforehand disclosed information breaches in August and October 2024 that uncovered buyer and worker info.
AI chained 4 zero-days into one exploit that bypassed each renderer and OS sandboxes. A wave of latest exploits is coming.
On the Autonomous Validation Summit (Could 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls maintain, and closes the remediation loop.
