ADT confirms data breach after ShinyHunters leak threat
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid.
In a press release shared today, the company said it detected unauthorized access to customer and prospective customer data on April 20, after which it terminated the intrusion and launched an investigation.
This investigation determined that personal data was stolen during the breach.
“The investigation confirmed that the information involved was limited to names, phone numbers, and addresses,” ADT told BleepingComputer.
“In a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included. Critically, no payment information — including bank accounts or credit cards — was accessed, and customer security systems were not affected or compromised in any way.”
ADT says the intrusion was limited and that it has contacted all affected people.
ShinyHunters leak site listing
This statement follows ADT’s listing on the ShinyHunters data leak site, where attackers claimed to have stolen 10 million records containing customers’ personal data.
“Over 10M records containing PII and other internal corporate data have been compromised. Pay or Leak,” reads the data leak website.
“This is a final warning to reach out by 27 Apr 2026 before we leak along with several annoying (digital) problems that’ll come your way.”

ADT did not verify the amount of data the attackers claim to have stolen.
ShinyHunters told BleepingComputer they allegedly breached ADT through a voice phishing (vishing) attack that compromised an employee’s Okta single sign-on (SSO) account. Using this account, the threat actors claimed they accessed and stole data from the company’s Salesforce instance.
Since last year, the extortion group has been conducting widespread vishing campaigns that target employees’ and BPO agents’ Microsoft Entra, Okta, and Google SSO accounts.
After gaining access to a corporate SSO account, the threat actors steal data from connected SaaS applications such as Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Adobe, Atlassian, Zendesk, Dropbox, and many others.
This stolen data is then used to extort the company into paying a ransom, or the data will be leaked.
ADT has previously disclosed data breaches in August and October 2024 that exposed customer and employee data.