[analyse_image type=”featured” src=”https://helios-i.mashable.com/imagery/articles/03jbe30H1zpbBNZ7cDWKHEj/hero-image.fill.size_1200x675.v1777323884.jpg”]
Hackers got data on 5.5 million ADT customers by phishing, report says
on
Millions of people use security company ADT to protect their home or business. And yet their cybersecurity may have been compromised in the latest high-profile breach from hacking group ShinyHunters.
The website Have I Been Pwned reports that a ShinyHunters data breach included 5.5 million unique email addresses associated with ADT customers. ADT says that customers’ payment information wasn’t compromised.
Still, the company confirmed that the breach included customer names, phone numbers, and addresses, as well as Social Security and Tax ID numbers in a minority of cases.
You May Also Like
“ADT’s cybersecurity systems detected unauthorized access to a limited set of customer and prospective customer data on April 20,” reads an ADT blog post confirming the breach. “The company’s response protocols activated immediately — terminating the intrusion, launching a forensic investigation with leading third-party cybersecurity experts, and notifying law enforcement.”
ShinyHunters told Bleeping Computer they gained access to the ADT Salesforce account by compromising an employee’s Okta SSO login credentials. Bleeping Computer added that the hackers used voice phishing. The recent Panera Bread breach, also traced back to ShinyHunters, reportedly also involved SSO phishing.
Okta, a popular SSO service provider, recently warned about the prevalence of voice phishing attacks (also known as vishing) in a recent blog post, which included tips for guarding against these cyberattacks.
ShinyHunters is a prolific hacking organization. In recent months, the group has also been responsible for high-profile breaches involving Rockstar Games, Crunchyroll, Salesforce, Bumble, and others. Ransomware attacks may result.
In a typical ransomware attack, the hackers threaten to release or sell leaked customer or company data on the dark web unless the compromised organization agrees to pay a ransom.
Want to learn more about getting the best out of your tech? Sign up for Mashable’s Top Stories and Deals newsletters today.
TopicsCybersecurity
Timothy Beck Werth is the Tech Editor at Mashable, where he leads coverage and assignments for the Tech and Shopping verticals. Tim has over 15 years of experience as a journalist and editor, and he has particular experience covering and testing consumer technology, smart home gadgets, and men’s grooming and style products. Previously, he was the Managing Editor and then Site Director of SPY.com, a men’s product review and lifestyle website. As a writer for GQ, he covered everything from bull-riding competitions to the best Legos for adults, and he’s also contributed to publications such as The Daily Beast, Gear Patrol, and The Awl.
Tim studied print journalism at the University of Southern California. He currently splits his time between Brooklyn, NY and Charleston, SC. He’s currently working on his second novel, a science-fiction book.
[analyse_source url=”https://mashable.com/article/adt-shinyhunters-data-breach-5-5-million-people”]