ShinyHunters Hit Medtronic and ADT: 14.5M Records Stolen via AI Vishing and Salesforce

The ShinyHunters attack chain that hit both Medtronic and ADT follows a documented three-stage sequence that has now been used against hundreds of enterprise targets in 2026.

In the ADT breach — the most fully disclosed of the two — ShinyHunters initiated a voice phishing call to an ADT employee on April 20, 2026, impersonating IT helpdesk staff and requesting MFA credential validation. The employee surrendered their Okta single sign-on credentials. Attackers used those credentials to authenticate into ADT's Salesforce Customer Relationship Management instance and exported customer records containing names, phone numbers, and addresses for the vast majority of victims, with a smaller subset also exposing dates of birth and partial SSN or Tax ID data. ADT detected and terminated the intrusion but confirmed the exfiltration. ShinyHunters set an April 27 ransom deadline and, after it expired, began threatening data publication.

The Medtronic breach followed the same pattern. ShinyHunters listed Medtronic on its dark web extortion site on April 18, issued a three-day ransom negotiation deadline on April 21, and confirmed the theft of over 9 million records and terabytes of internal corporate data. Medtronic disclosed on April 27 that its corporate IT systems had been accessed, confirming that hospital customer networks and medical device systems remained separate and unaffected. The group later removed Medtronic from the leak site, suggesting negotiations may have progressed.

Both breaches are consistent with ShinyHunters' documented use of AI-powered vishing platforms — Bland AI and Vapi — to automate social engineering calls at scale, as analyzed by EclecticIQ's threat intelligence team. The AI voice platforms generate realistic helpdesk impersonations that are difficult to distinguish from legitimate IT calls, making employee training against traditional phishing insufficient. Organizations relying on push-based MFA (Okta Verify, Microsoft Authenticator) rather than phishing-resistant FIDO2 keys are structurally vulnerable to this technique.

ShinyHunters does not limit its targeting to a single sector — the group attacks any organization with a Salesforce or cloud SaaS footprint and Okta SSO authentication. However, the 2026 campaign shows clear concentration in sectors holding high-value PII at scale.

Healthcare and medical technology represent the most alarming vector. The Medtronic breach demonstrates that even highly regulated organizations with strict data governance are vulnerable when cloud application authentication relies on push-based MFA. Nine million records from a medical device company exposes patient relationships, implanted device data, and clinical trial information — categories with significant downstream fraud and social engineering value beyond a ransom transaction.

Home security and physical infrastructure represent a distinct risk category. The ADT breach exposed residential addresses cross-referenced with home security system ownership — a dataset with obvious value for physical crime planning. This is ADT's third breach in approximately eight months, signaling a persistent targeting pattern rather than opportunistic compromise.

The retail, gaming, and education sectors have seen the highest raw victim counts. ShinyHunters breached Rockstar Games (claiming 80 million records), Udemy (1.4 million records), Zara, 7-Eleven, Carnival Corporation, and Amtrak — all via the same Salesforce and SSO attack chain documented in our [Amtrak ShinyHunters Salesforce breach analysis](/blog/amtrak-shinyhunters-salesforce-breach-9-million-records). Telecom remains the highest-value single target: the $65 million ransom demand against Telus Digital for 1 petabyte of data represents the most aggressive extortion demand the group has issued.

The common thread across all 400+ victims is not sector — it is technology stack. Salesforce Experience Cloud with misconfigured guest user permissions, combined with Okta SSO without phishing-resistant MFA, is the attack surface ShinyHunters has systematically weaponized throughout 2026.

Traditional phishing awareness training has almost no defensive value against ShinyHunters' AI vishing technique — and that is by design. The group uses AI-powered voice call platforms, specifically Bland AI and Vapi, to generate realistic, context-aware helpdesk impersonations that operate at a scale and realism no human calling operation could match.

The ShinyHunters vishing playbook follows a documented pattern analyzed by EclecticIQ. Calls begin with a calm, cooperative tone and a plausible IT scenario — a reported login anomaly, a suspicious access alert, a mandatory MFA re-enrollment. The caller knows the target's name, sometimes their role, and the name of their organization's IT system — information scraped from LinkedIn, previous breach data, or the victim company's public Salesforce portal. This specificity creates the illusion of legitimacy that generic phishing lacks.

The call gradually escalates from benign requests (confirming a username) to sensitive ones (approving an MFA push notification, providing a one-time code, or installing a remote management tool). Employees who recognize phishing emails often fail to apply the same skepticism to a professional-sounding phone call from someone who already knows their name and employer.

The AI automation is the force multiplier. A single ShinyHunters operator can run hundreds of concurrent vishing calls using these platforms, targeting employee lists across multiple organizations simultaneously. The marginal cost per call approaches zero. This transforms vishing from a targeted, labor-intensive attack into a scalable mass-campaign technique that makes every employee in a Salesforce-connected organization a potential entry point.

Push-based MFA — Okta Verify, Microsoft Authenticator, Google Authenticator — provides no protection against vishing. An employee tricked into approving an MFA push has fully authenticated the attacker. Only phishing-resistant FIDO2 hardware keys (YubiKey, Google Titan) cryptographically bind the authentication to the legitimate origin domain, making the credential useless on an attacker's device regardless of employee action.

The Salesforce exploitation phase of the ShinyHunters attack chain is technically sophisticated and targets a misconfiguration that affects a significant proportion of Salesforce Experience Cloud deployments — organizations that built customer-facing portals without correctly restricting guest user access to backend data objects.

Salesforce Experience Cloud portals that give guest users overly permissive access to Apex controllers or SOQL-accessible record objects expose those records to unauthenticated or minimally authenticated API calls via the Aura framework's /s/sfsites/aura endpoint. ShinyHunters identified this misconfiguration pattern at scale by weaponizing AuraInspector — a legitimate open-source security auditing tool released in January 2026 to help Salesforce administrators find exposed guest configurations — and modifying it for automated mass-scanning and exfiltration.

The technical exfiltration method uses 'boxcar bundling': ShinyHunters bundles up to 250 Salesforce Aura server-side actions into a single POST request to the /s/sfsites/aura endpoint. This dramatically reduces the number of API calls required to extract large datasets, bypassing Salesforce's standard query volume limits. The group further exploits the sortBy parameter in Salesforce's GraphQL API to bypass the default 2,000-record result cap, and uses Base64-encoded cursor tokens in the after parameter to paginate through millions of records systematically.

This technique requires no account credentials when the misconfiguration exists — it exploits guest user permissions that the Salesforce administrator has failed to restrict. This is why phishing-resistant MFA, while critical, is not sufficient protection on its own: organizations with misconfigured Salesforce guest permissions can be breached without any credential compromise at all. The full ShinyHunters Salesforce exploitation methodology, including the McGraw-Hill breach where 45 million records were exfiltrated, was documented in our earlier analysis of the [ShinyHunters McGraw-Hill Salesforce breach](/blog/shinyhunters-mcgraw-hill-salesforce-breach-45-million).

ShinyHunters leaves a consistent set of network, application, and behavioral indicators that security teams can hunt for across their environments. Detection should be layered across identity, cloud application, and network telemetry simultaneously.

The ShinyHunters attack chain has two distinct entry points — vishing-based MFA bypass and Salesforce misconfiguration — requiring parallel defensive action. Neither control alone is sufficient.

The ShinyHunters Medtronic data breach is significant beyond its record count. Medtronic manufactures implanted cardiac devices, insulin pumps, neurostimulators, and surgical robotics — and its corporate IT systems contain customer relationships, patient enrollment data from clinical studies, and device configuration data linked to individual patients.

Data at this intersection of identity and medical device history has downstream fraud implications that extend well beyond typical PII breach scenarios. Social engineering attacks leveraging knowledge of a patient's implanted device type or clinical trial participation can bypass security questions, manipulate healthcare interactions, and facilitate insurance fraud. The data retains value for years.

The broader implication for healthcare security teams is that ShinyHunters' pure-exfiltration model — no ransomware encryption, no operational disruption — means healthcare organizations' traditional continuity planning provides zero defensive value. You will not know you have been breached until ShinyHunters announces it. By then, the data is already gone. Detection and prevention must shift to identity telemetry monitoring, Salesforce API anomaly detection, and hardened MFA — not backup verification.

ShinyHunters stole 14.5 million records from Medtronic and ADT in one week using AI vishing and Salesforce misconfigurations that remain unpatched across hundreds of organizations right now. The three actions that will stop this attack chain: replace push-based MFA with FIDO2 keys on every privileged account today, run AuraInspector against your Salesforce Experience Cloud instance this week, and enable Salesforce Transaction Security Policies to catch bulk exports before they complete. If you run Salesforce and Okta, you are in ShinyHunters' target list — act before they announce you.