Overview
- Have I Been Pwned on Monday said 5.5 million people were exposed after it analyzed the cache that ShinyHunters released.
- ADT said the stolen data includes names, phone numbers and addresses, with some records listing birth dates and the last four digits of Social Security or Tax IDs, and it reported no payment data or alarm systems were touched.
- ADT said it detected the intrusion on April 20, cut off access, hired outside incident responders, and notified law enforcement.
- ShinyHunters claimed it phished an employee’s Okta single sign-on to reach Salesforce and later posted an 11GB dump after failed talks to get paid.
- ADT is notifying affected people and offering identity-theft protection, and those caught up in the leak face a higher risk of targeted phishing using exposed email addresses.