A cyber breach at ADT has exposed personal information linked to 5.5 million people, with the ShinyHunters extortion group claiming responsibility.

ADT Customer Data of 5.5 Million Individuals Leaked After Breach Claimed by ShinyHunters

The420.in Staff

The ShinyHunters extortion group has stolen personal information linked to millions of ADT customers after breaching the home security company’s systems earlier this month, according to reports cited by the data breach notification service Have I Been Pwned, in the latest cyber incident to hit the United States security provider.

Scale of the ADT Breach Comes Into Focus

Have I Been Pwned reported that the breach exposed the data of 5.5 million people. According to that assessment, the compromised information included unique email addresses, names, dates of birth, phone numbers, physical addresses and partial government-issued identification details.

ADT, founded in 1874 as American District Telegraph, is described in the material as the oldest and largest home security company in the United States, serving more than 6 million residential and small business customers. The company had previously disclosed two other data breaches in August 2024 and October 2024 that exposed employee and customer information.

What ADT Said Was Accessed

ShinyHunters had claimed last week that it stole more than 10 million records containing personally identifiable information and corporate data from ADT. When asked to confirm the group’s claims, ADT said it detected the breach on April 20 and that a follow-up investigation found the intrusion was limited, though it allowed attackers to access some individuals’ personal information.

The company said the information involved was limited to names, phone numbers and addresses, while in a smaller percentage of cases dates of birth and the last four digits of Social Security numbers or Tax IDs were also included. ADT further said no payment information, including bank account or credit card details, was accessed, and that customer security systems were not affected or compromised. ShinyHunters later leaked an 11GB archive of stolen data on its dark web leak site after failing to extort the company.

Suspected Method and Wider Campaign

The extortion group told BleepingComputer it breached ADT after compromising an employee’s Okta single sign-on account in a voice phishing attack. Using that employee account, the attackers allegedly gained access to the company’s Salesforce instance and stole data from there.

The report also links ShinyHunters to widespread vishing campaigns that began last year and target employee and business process outsourcing agents’ Microsoft Entra, Okta and Google SSO accounts. After breaching corporate SSO accounts, the group is said to steal data from connected software-as-a-service applications including Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Adobe, Atlassian, Zendesk and Dropbox. The screenshots further say the group has recently claimed breaches involving Medtronic, the European Commission, Rockstar Games, McGraw Hill, 7-Eleven, Carnival, Zara and Udemy.

About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.