Another significant data breach is linked to a single-sign-on attack.
Millions rely on ADT for home or business security. However, a recent high-profile breach by the hacking group ShinyHunters could have compromised their cybersecurity. According to Have I Been Pwned, the breach involved 5.5 million unique ADT customer email addresses. ADT confirmed that no payment information was compromised but acknowledged that names, phone numbers, addresses, and, in a few cases, Social Security and Tax ID numbers were affected.
“ADT’s cybersecurity systems detected unauthorized access to a limited set of customer and prospective customer data on April 20,” an ADT blog post confirms. “Response protocols were immediately activated — terminating the intrusion, launching a forensic investigation with third-party cybersecurity experts, and notifying law enforcement.”
ShinyHunters told Bleeping Computer they accessed ADT’s Salesforce account by compromising an employee’s Okta SSO login credentials, using voice phishing. Previous breaches, such as one involving Panera Bread, were also linked to ShinyHunters using SSO phishing. Okta recently highlighted the rising voice phishing threat in a blog post, providing tips to mitigate these attacks.
ShinyHunters is known for high-profile breaches, including those affecting Rockstar Games, Crunchyroll, Salesforce, and Bumble. These incidents often result in ransomware attacks, where hackers threaten to release or sell data unless a ransom is paid.
For more insights on tech, sign up for Mashable’s Top Stories and Deals newsletters today.
Topics: Cybersecurity