
VoicephishingturnedSSOpivotsintocloudCRMswasn’tanabstractthreatthisseason;itbecameanoperationalrealitywhenShinyHuntersadvertisedstolenADTdataandsetanextortiondeadlinewhileboastingofOktaandSalesforceabuse. The chain began with a call, according to the threat actor’s claims, and ended with a data haul large enough to rattle customers and investors even if core systems stayed online. ADT disclosed in an SEC Form 8-K that it detected unauthorized access to certain cloud-based environments on April 20 and publicly announced on April 24, framing the episode










