ShinyHunters claims responsibility for breaching Dutch telecom Odido and posting millions of stolen customer records on its dark web leak site. Odido says around 6.2 million customers were affected, denies exposure of passwords or billing data, and has reported the incident while engaging external responders. #ShinyHunters #Odido
Keypoints
- ShinyHunters claims to have stolen nearly 21 million records linked to Odido.
- Odido disclosed the breach on February 12 after attackers accessed its customer contact system on February 7.
- Exposed data may include names, addresses, phone numbers, email addresses, IBANs, dates of birth, and some ID numbers.
- Odido maintains that no Mijn Odido passwords, call details, location data, billing data, or scans of identity documents were exposed.
- ShinyHunters has used vishing and OAuth device-code abuse to hijack SSO accounts and access connected enterprise services.