ADT, the home security giant that commands roughly 41% of the US residential security market, has confirmed that it recently suffered a data breach orchestrated by the notorious ShinyHunters extortion group.
The company detected the unauthorized access to its network on April 20 and claims it shut down the intrusion before launching an investigation. This is, unfortunately, another black eye for the firm after it suffered two separate breaches back in 2024.
In a statement to BleepingComputer, ADT claimed that its investigation found that the stolen information was limited to "names, phone numbers, and addresses," save for a "small percentage of cases" where dates of birth and the last four digits of Social Security numbers were also included:
"In a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included. Critically, no payment information — including bank accounts or credit cards — was accessed, and customer security systems were not affected or compromised in any way."
Contrary to ADT's claims that only limited data was affected, ShinyHunters posted on its data leak site that the breach is much larger. The group alleges it has stolen over 10 million customer records, plus "internal corporate data" and information affecting over 1,500 external users and 120 employees. The group gave ADT a deadline of April 27 to pay an undisclosed ransom or the data would be leaked.
ShinyHunters told BleepingComputer that it breached the security company's network through a sophisticated voice phishing, or "vishing," attack that tricked an employee into giving up credentials for their Okta single sign-on (SSO) account. Once inside, the hackers used that privileged access to pivot into the company's Salesforce instance, where they siphoned out the customer and corporate data.
ADT is not the only victim of ShinyHunters' attacks this year. This month, the hackers claimed a breach of the online learning platform Udemy. In March, they targeted the European Commission's cloud infrastructure. Earlier in the year, they also claimed responsibility for hacks against Wynn Resorts and the financial tech company Crunchbase.