Breach Alert

ADT & Udemy Extortion Deadline: 11M+ Records at Risk

Dillip Chowdary
Tech Entrepreneur & Innovator · April 27, 2026 · 10 min read

The hacking group ShinyHunters has issued a final ultimatum to ADT Inc. and Udemy, setting a hard deadline of **April 27, 2026**, for a combined ransom payment of $20 million. Failure to pay will result in the public dump of **11.4 million customer records**, including PII, hashed passwords, and internal system logs.

ADT: 10 Million Security Customer Records

The ADT breach is particularly concerning given the nature of the company’s services. Attackers claim to have exfiltrated data including **customer addresses, security system configurations, and master user IDs**. While ADT has stated that "no payment information" was compromised, the potential for targeted physical security risks remains high if these configurations are leaked.

Udemy: 1.4 Million Learning Records

Udemy confirmed a targeted exfiltration from a secondary marketing database. The stolen data includes **learner emails, course completion histories, and IP logs**. While less critical than ADT’s data, the Udemy dump is being marketed on dark web forums as a "high-quality list for AI-targeted phishing," highlighting how exfiltrated data is now being used to train malicious social engineering models.

Technical Vector: AI-Automated Reconnaissance

Research by **Mandiant** suggests that ShinyHunters used a new variant of agentic reconnaissance. By deploying autonomous agents that scan for "trust-boundary drift" in cloud configurations, the group identified a misconfigured S3 bucket at a third-party vendor common to both ADT and Udemy. The speed of the exfiltration suggests the use of parallelized LLM-driven filtering to prioritize high-value customer records.
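
One defensive reading of "trust-boundary drift", as an added example that is not from the article or from Mandiant: compare an S3 bucket policy against an approved list of AWS accounts and flag public or unapproved grants. The account IDs, bucket name, policy and function names are constructed for illustration, and the article does not say what the actual misconfiguration was.

```python
import json

# Assumption: the data owner keeps a baseline of approved AWS account IDs (constructed values).
APPROVED_ACCOUNTS = {"111111111111", "222222222222"}

# Constructed sample bucket policy: one approved grant, one new account, one public grant.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "VendorRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "NewPartner", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::333333333333:role/etl"]},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"},
]})

def principals(stmt):
    """Return a statement's AWS principals as a flat list (Service/Federated are ignored)."""
    p = stmt.get("Principal", {})
    if p == "*":
        return ["*"]
    aws = p.get("AWS", []) if isinstance(p, dict) else []
    return [aws] if isinstance(aws, str) else list(aws)

def account_of(principal):
    """Extract the account ID from an IAM ARN, or return a bare account ID unchanged."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal

def find_drift(policy_json, approved=APPROVED_ACCOUNTS):
    """List (sid, kind, principal) for Allow grants outside the approved trust boundary."""
    stmts = json.loads(policy_json).get("Statement", [])
    if isinstance(stmts, dict):  # a policy may carry a single statement object
        stmts = [stmts]
    findings = []
    for i, stmt in enumerate(stmts):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        for p in principals(stmt):
            if p == "*":
                # A wildcard principal is public unless a Condition narrows it.
                kind = "wildcard-with-condition" if stmt.get("Condition") else "public"
                findings.append((sid, kind, p))
            elif account_of(p) not in approved:
                findings.append((sid, "unapproved-account", account_of(p)))
    return findings
```

Run on a schedule against each vendor-shared bucket, any non-empty result is a change to review before data is exposed.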

Remediation Steps

Customers of both services are urged to rotate their passwords and enable **FIDO2-based hardware MFA** immediately. As the April 27 deadline passes, security teams are monitoring "paste" sites and peer-to-peer sharing networks for the first signs of the data dump.