The ShinyHunters extortion group breached ADT, the largest US home security company, stealing personal information of 5.5 million people. The attackers gained access via a vishing attack that compromised an employee's Okta SSO account, then exfiltrated data from ADT's Salesforce instance. Stolen data includes names, phone numbers, addresses, dates of birth, and partial Social Security numbers. After ADT refused to pay, ShinyHunters leaked an 11GB archive on their dark web site. No payment information or customer security systems were affected. ShinyHunters has been running widespread vishing campaigns targeting corporate SSO accounts and has recently claimed breaches at Medtronic, the European Commission, Rockstar Games, and others.
Table of contents
Related Articles:Sort: