ADT Inc.
April 20, 2026
•[ vishing, social engineering, data breach ]
ShinyHunters compromised an ADT employee Okta SSO account through vishing, used the account to access ADTs Salesforce instance, and stole personal information later assessed by Have I Been Pwned as affecting 5.5 million individuals.
Nordstrom
March 17, 2026
•[ phishing, cryptocurrency scam, SSO compromise ]
Cybernews reported Nordstrom customers received fraudulent emails from an official Nordstrom email address promoting a St. Patricks Day double your crypto scam. Reporting cited a source saying the breach occurred via an Okta SSO to Salesforce compromise, and scam emails were sent using Salesforce Marketing Cloud. Analysis of the scam wallet address indicated the attacker received a little over $5,600 in cryptocurrency.
