ADT home security breach exposes customer data on hacker forum


ADT, one of the leading home security companies in the US, has revealed that its systems were breached in a cyberattack last weekend. Now, an alleged ADT database of customers’ private info has been spotted for sale on the popular online hacker marketplace BreachForums.

ADT filed an 8K regulatory breach report with the US Securities and Exchange Commission (SEC), stating it first discovered the unauthorized intrusion on August 3rd, five days ago.

“ADT Inc. recently experienced a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information,” the filing said.

The company said that once it became aware of the incident, ADT “promptly took steps to shut down the unauthorized access and launched an investigation,” bringing in outside cybersecurity experts.

ADT said the attackers were able to gain access to “limited customer information,” to include email addresses, phone numbers and postal addresses.

More importantly, ADT said preliminary investigations show that no customers’ home security systems were compromised during the attack.

ADT SEC 8K filing
ADT filed an 8K breach notice with the US Securities and Exchange Commission on August 8th. Image by Cybernews.

Founded in 1874, the American security services company provides smart home and small business security services, including equipment, installation, CCTV, fire protection, and other in-house alarm-type monitoring services across the US, Canada, and the UK.

Headquartered in Boca Raton, Florida, ADT services over 6.5 million customers according to its website.

The number of ADT customers impacted by the breach is only “a small percentage of the Company’s overall subscriber base,” it said, without providing an exact amount.

The company also said it believes the attackers were unable to access any payment information stored in ADT networks such as banking information and credit card account numbers.

Cybernews has reached out to ADT but the company has not responded as of this report.

Hacker posts customer database

On July 31st, a bad actor on the popular hacker marketplace BreachForums posted what appears to be a data sample purportedly belonging to an ADT database of sensitive customer information.

This implies that the attackers were inside ADT systems for days, if not weeks, before the company realized it had been breached.

Posting under the user name “@netnsher,” the hacker and his partner @grimoire claim to have stolen over “30,812 records, including 30,400 unique emails” from ADT systems. They are offering to unlock the database for “8 credits,” which Breached users can either earn by posting or buy with crypto.

ADT database BreachForums
Hacker posts alleged ADT sample on BreachForums, a popular cybercriminal marketplace to buy, trade, and sell stolen data. Image by Cybernews.

The duo, who call themselves the “SkibidiSec,” posted that besides email and full address, the compromised data contains multiple User IDs and includes the name and brand of security products purchased from ADT, plus other information.

Cybernews can confirm the data sample posted on the forum site shows one customer’s alleged information – email, full address, order ID #, appointment ID #, exact product purchased (Google Nest doorbell w/battery in this case), and the number of products purchased. The sample also shows a section for pre-work status, which, in this specific instance, is listed as “Not Started.”

The post, updated on August 2nd, also provides a unique customer user ID and a “customer portal” URL which directly links to a welcome connect and installation page for the customer.

ADT database BreachForums sample link
URL sample link from an alleged ADT leak sample returns a unique installation page for Google Nest. Image by Cybernews.

One BreachForums user commenting on the post claimed the stolen cache “seems to be of good quality and is around 32MB in size.”

Another user asked “how old is this breach?” but @netnsher, who only joined the forum at the end of June, has not replied to the query.

About a week before posting the ADT database, SkibidiSec claims to have breached the Asian online market Whee!, also offering up an alleged 3200 stolen files of internal and employee data.

ADT said the investigation is ongoing and affected customers have already been notified.

Owned by Apollo Global Management, In 2020 Google invested nearly $450 million in ADT, acquiring a 6.6% share in the home security company.