ADT Suffers Third Breach Since 2024 — ShinyHunters Leak 5.5 Million Customer Records After Okta SSO Compromise
Summary
Home security giant ADT has confirmed a data breach affecting approximately 5.5 million current and prospective customers, with the ShinyHunters hacking group claiming responsibility. This marks ADT’s third breach since 2024 — a pattern that is becoming increasingly difficult to dismiss as bad luck.
The attackers gained access to ADT’s Salesforce cloud environment by compromising an employee’s Okta single sign-on (SSO) credentials through a voice phishing (vishing) attack. The stolen data includes names, email addresses, phone numbers, physical addresses, dates of birth, and the last four digits of Social Security numbers or Tax IDs. ADT claims payment information and customer security systems were not affected.
After ADT refused to comply with extortion demands, ShinyHunters leaked an 11 GB archive of the stolen data on a dark web site. The breach was disclosed in April 2026.
Commentary
Three breaches in two years. At some point, a company that sells security needs to take a hard look at its own security posture. The irony isn’t lost on anyone. The attack vector — vishing an employee to compromise Okta SSO — is social engineering 101, and the fact that it yielded access to a Salesforce instance containing millions of customer records suggests serious gaps in access controls and monitoring.
ShinyHunters has been on a tear in 2026, hitting everything from Canvas LMS to Medtronic. The group’s MO is straightforward: breach, extort, leak. ADT’s refusal to pay is the right call, but 5.5 million people are now at elevated risk of phishing and identity fraud. If you’re an ADT customer, assume your data is out there and act accordingly.


