Hackers got data on 5.5 million ADT customers by phishing, report says
Another massive data breach is attributed to a single-sign-on attack.
Millions of people use security company ADT to protect their home or business. And yet their cybersecurity may have been compromised in the latest high-profile breach from hacking group ShinyHunters.
The website Have I Been Pwned reports that a ShinyHunters data breach included 5.5 million unique email addresses associated with ADT customers. ADT says that customers' payment information wasn't compromised.
Still, the company confirmed that the breach included customer names, phone numbers, and addresses, as well as Social Security and Tax ID numbers in a minority of cases.
"ADT's cybersecurity systems detected unauthorized access to a limited set of customer and prospective customer data on April 20," reads an ADT blog post confirming the breach. "The company's response protocols activated immediately terminating the intrusion, launching a forensic investigation with leading third-party cybersecurity experts, and notifying law enforcement."
https://mashable.com/article/adt-shinyhunters-data-breach-5-5-million-people
This data breach was reported about a month ago, but I don't recall seeing it on DU.
It's bothersome that a security company's data would be compromised. I don't have an ADT account, but I received the hacker spam yesterday; I suspect they got my email when I submitted a temporary change of address form to the USPS, which typically floods the change of address process with contact information for a raft of commercial products and services providers (including ADT).
For those who may be curious about what a hacker spam email might read, I include it in the following:
Hello,
We are the ShinyHunters hacking group.
A few months ago, we gained access to your devices and started monitoring your online activities.
What happened:
We gained access to the ADT.com (Home Security) database where you have an account and easily accessed your email.
You weren't very careful about the links you opened.
A week later, we installed an exploit on your devices, including your phone, giving us access to your microphone,
camera, keyboard, and all your data.
We have your photos, browsing history, conversations, and contact list.
Among other things, we discovered that you frequently visit adult websites and watch explicit videos.
We managed to record you and created videos of you pleasuring yourself.
With a few clicks, we can share these videos with your friends,
colleagues, and family or even make them public.
Proposal:
Send us $2000 in Bitcoin to the following wallet:
1FXDapqYJTHeXafDFC1j35zSWZDkLh5qyf
We'll delete everything immediately.
You have 48 hours from the moment you open this email.
Once the payment is received, we'll remove the malware from your devices.
What you should NOT do:
Do not reply (email was sent from a hacked account).
Do not contact the police or anyone else - we'll release the videos along with other stuff all over the internet.
Do not try to reset your devices - everything is stored on remote servers.
What you don't need to worry about:
We will see your payment immediately - the wallet is generated specifically for you.
We will not share your videos or other things after payment - there is no reason to continue causing problems.