Apr 26, 2026
America's Largest Home Security Company Got Breached by a Phone Call—ShinyHunters Stole 10 Million Records
A voice phishing attack compromised one employee's Okta login. Within hours, ShinyHunters had extracted millions of customer records from ADT's Salesforce instance. It is the company's third breach in under a year.
What Happened
On April 20, 2026, ADT detected unauthorized access to its cloud environments. Four days later, the company filed a Form 8-K with the SEC confirming the breach. The attack began with a voice phishing call targeting a single employee, tricking them into handing over their Okta single sign-on credentials.
With that one compromised login, the attackers accessed ADT's Salesforce instance and extracted customer records. ShinyHunters, the group behind the attack, claimed to have stolen over 10 million records containing personally identifiable information.
What Was Stolen
ADT confirmed that the stolen data includes:
- Customer names
- Phone numbers
- Physical addresses
- Dates of birth (limited percentage)
- Last four digits of Social Security numbers or Tax IDs (limited percentage)
ADT stated that no payment information, bank accounts, or credit card numbers were accessed. Customer security systems were not compromised either. But for a company that guards people's homes, the theft of physical addresses combined with names and phone numbers creates a distinctly uncomfortable situation.
The Ransom Deadline
ShinyHunters posted a ransom notice on their leak site: "Over 10M records containing PII and other internal corporate data have been compromised. Pay or Leak." The group set April 27, 2026 as the deadline, warning ADT to "reach out before we leak, along with several annoying digital problems that'll come your way."
At the time of writing, ADT has not disclosed whether it engaged with the ransom demand. The company stated it has contacted all affected individuals.
How Voice Phishing Bypasses Technical Defenses
The attack method, known as vishing, is becoming the preferred entry point for groups like ShinyHunters. Instead of sending phishing emails that might be caught by spam filters, attackers call employees directly. They impersonate IT support, reference internal systems by name, and create a sense of urgency that makes the target hand over credentials voluntarily.
This approach is effective because it bypasses nearly every technical control. Email filters, URL scanners, and sandbox detonation tools are useless against a phone call. Once the attacker has valid Okta credentials, they look like a legitimate user to every downstream system, including Salesforce.
ShinyHunters has used this exact playbook before. The group recently breached Canada Life through a single employee's compromised Salesforce account, stealing 5.6 million records. They also hit McGraw Hill through the same Salesforce vector, threatening to leak 45 million records.
ADT's Third Breach in Under a Year
This is not ADT's first security incident. The company disclosed breaches in August 2024 and October 2024, making this the third confirmed breach in less than twelve months. The pattern suggests systemic weaknesses in ADT's security posture that go beyond any single vulnerability.
For a company whose entire business model is built on protecting homes and businesses from intruders, repeated breaches of its own systems undermine the core value proposition. ADT serves over six million customers across the United States, making it the largest home security provider in the country.
The Salesforce Problem
ShinyHunters has turned Salesforce into a preferred target. The CRM platform often holds the most complete customer datasets in an organization, including names, addresses, phone numbers, purchase history, and support interactions. When attackers compromise SSO credentials, Salesforce becomes a one-stop shop for data exfiltration.
The pattern across ShinyHunters' recent attacks is consistent: compromise one employee account through social engineering, pivot to Salesforce, and extract everything. The group has hit at least five major organizations through this exact path in 2026 alone, including Hims & Hers through its Zendesk integration.
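Because the stolen login is valid, detection has to key on behavior rather than credentials. The sketch below is an added example, not code from ADT, Okta, or Salesforce: it correlates an SSO login from an unrecognized device with cumulative CRM record reads in the hours that follow. The event schema, device inventory, four-hour window, and 100,000-row threshold are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed, normalized events (hypothetical schema, not a vendor log format).
EVENTS = [
    {"ts": "2026-04-20T09:02:00", "user": "alice", "type": "sso_login", "device": "dev-A"},
    {"ts": "2026-04-20T09:30:00", "user": "alice", "type": "crm_query", "rows": 120},
    {"ts": "2026-04-20T13:10:00", "user": "bob", "type": "sso_login", "device": "dev-X"},
    {"ts": "2026-04-20T13:25:00", "user": "bob", "type": "crm_query", "rows": 60000},
    {"ts": "2026-04-20T14:40:00", "user": "bob", "type": "crm_query", "rows": 70000},
    {"ts": "2026-04-21T10:00:00", "user": "carol", "type": "sso_login", "device": "dev-C"},
    {"ts": "2026-04-21T10:05:00", "user": "carol", "type": "crm_query", "rows": 300000},
    {"ts": "2026-04-21T08:00:00", "user": "dave", "type": "sso_login", "device": "dev-Y"},
    {"ts": "2026-04-21T15:00:00", "user": "dave", "type": "crm_query", "rows": 500000},
]
# Hypothetical inventory of devices previously seen per user.
KNOWN_DEVICES = {"alice": {"dev-A"}, "bob": {"dev-B"}, "carol": {"dev-C"}, "dave": {"dev-D"}}

def detect(events, known_devices, window=timedelta(hours=4), row_threshold=100_000):
    """Alert when CRM reads within `window` of an unrecognized-device SSO
    login add up to at least `row_threshold` rows for the same user."""
    suspect = {}  # user -> (login time, device) of latest unrecognized-device login
    totals = {}   # user -> rows read since that login
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user = datetime.fromisoformat(ev["ts"]), ev["user"]
        if ev["type"] == "sso_login":
            if ev["device"] not in known_devices.get(user, set()):
                suspect[user] = (ts, ev["device"])
                totals[user] = 0
        elif ev["type"] == "crm_query" and user in suspect:
            start, device = suspect[user]
            if ts - start > window:      # correlation window expired
                del suspect[user]
                continue
            totals[user] += ev["rows"]   # cumulative, so chunked exports still count
            if totals[user] >= row_threshold:
                alerts.append({"user": user, "device": device, "rows": totals[user],
                               "login": start.isoformat(), "at": ev["ts"]})
                del suspect[user]        # one alert per suspicious login
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS, KNOWN_DEVICES):
        print(alert)
```

Only the correlated case fires: a bulk read from a known device (carol) or one long after the login (dave) needs its own volume-baseline rule.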
What ADT Customers Should Do
If you are an ADT customer:
- Watch for targeted scams. Attackers who have your name, address, and phone number can craft convincing phishing messages impersonating ADT or local authorities. Be skeptical of any unsolicited contact referencing your home security system.
- Monitor your credit. If your Social Security number was in the limited percentage exposed, consider placing a credit freeze with the three major bureaus.
- Change your ADT account password. While ADT says security systems were not compromised, rotating credentials after any breach is basic hygiene.
- Be wary of voice calls. The same vishing technique used to breach ADT can be used against you. Never provide account credentials or personal information to an inbound caller claiming to be from your security company.
The Bigger Picture
Voice phishing attacks are surging because they work. The FBI reported that business email compromise and social engineering drove $17.6 billion in losses in 2025. ADT's breach is another data point in a trend: the weakest link in enterprise security is not the firewall or the endpoint agent. It is the employee who picks up the phone.
ShinyHunters' ransom deadline of April 27 means ADT's customers may soon learn whether their data is headed to the open internet. Either way, the breach has already happened. The question now is how many more organizations will fall to the same playbook before vishing defenses catch up to email phishing defenses.