ADT Data Breach Exposes 5.5 Million Customer Records in SSO Attack
Security and smart home provider ADT confirmed a data breach affecting 5.5 million customers after hacking group ShinyHunters compromised an employee’s Okta single sign-on (SSO) credentials through a voice phishing (vishing) attack. The breach, detected on April 20, exposed customer names, phone numbers, addresses, and in some cases Social Security and Tax ID numbers, though payment information remained secure.
ADT responded by terminating the unauthorized access, launching a forensic investigation with third-party cybersecurity experts, and notifying law enforcement. According to Bleeping Computer, ShinyHunters gained entry via an ADT Salesforce account after obtaining the employee’s Okta login details through vishing a tactic also linked to the group’s recent Panera Bread breach.
ShinyHunters, known for high-profile attacks on companies like Rockstar Games, Crunchyroll, and Bumble, has increasingly targeted SSO vulnerabilities. Okta recently warned about the rise of vishing attacks, which manipulate victims into divulging credentials over the phone.
The breach highlights the growing risk of SSO-based attacks and the persistent threat posed by cybercriminal groups exploiting human and technical weaknesses in enterprise security.
Source: https://mashable.com/article/adt-shinyhunters-data-breach-5-5-million-people
Panera Bread cybersecurity rating report: https://www.rankiteo.com/company/panera-bread
ADT cybersecurity rating report: https://www.rankiteo.com/company/adt
Salesforce cybersecurity rating report: https://www.rankiteo.com/company/salesforce
"id": "PANADTSAL1777328877",
"linkid": "panera-bread, adt, salesforce",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '5.5 million',
'industry': 'Security and Smart Home Services',
'name': 'ADT',
'type': 'Company'}],
'attack_vector': 'Voice Phishing (Vishing)',
'data_breach': {'number_of_records_exposed': '5.5 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (PII, SSN, Tax ID)',
'type_of_data_compromised': ['Customer names',
'Phone numbers',
'Addresses',
'Social Security numbers',
'Tax ID numbers']},
'date_detected': '2024-04-20',
'description': 'Security and smart home provider ADT confirmed a data breach '
'affecting 5.5 million customers after hacking group '
'ShinyHunters compromised an employee’s Okta single sign-on '
'(SSO) credentials through a voice phishing (vishing) attack. '
'The breach exposed customer names, phone numbers, addresses, '
'and in some cases Social Security and Tax ID numbers, though '
'payment information remained secure.',
'impact': {'data_compromised': '5.5 million records',
'identity_theft_risk': 'High (Social Security and Tax ID numbers '
'exposed)',
'payment_information_risk': 'None (payment information remained '
'secure)',
'systems_affected': 'Salesforce account, Okta SSO'},
'initial_access_broker': {'entry_point': 'Okta SSO credentials via vishing'},
'investigation_status': 'Ongoing',
'lessons_learned': 'The breach highlights the growing risk of SSO-based '
'attacks and the persistent threat posed by cybercriminal '
'groups exploiting human and technical weaknesses in '
'enterprise security.',
'post_incident_analysis': {'root_causes': 'Compromised employee credentials '
'via vishing, exploitation of SSO '
'vulnerabilities'},
'references': [{'source': 'Bleeping Computer'}],
'response': {'containment_measures': 'Terminated unauthorized access',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes',
'third_party_assistance': 'Yes (forensic investigation with '
'cybersecurity experts)'},
'threat_actor': 'ShinyHunters',
'title': 'ADT Data Breach Exposes 5.5 Million Customer Records in SSO Attack',
'type': 'Data Breach',
'vulnerability_exploited': 'SSO Credentials (Okta)'}