Ethical Hacking News
ShinyHunters has claimed responsibility for breaching Dutch telecommunications provider Odido, exposing personal data of 6.2 million customers. The breach is the latest in a string of high-profile attacks attributed to the extortion gang.
ShinyHunters, an extortion gang, has breached Dutch telecommunications provider Odido, compromising millions of user records. The breach exposed sensitive information for 6.2 million customers, including names, addresses, mobile numbers, and identification details. Odido claims no Mijn Odido passwords or other critical data were compromised during the incident. ShinyHunters has previously breached numerous high-profile targets, including Panera Bread, Betterment, and online dating giant Match Group. The gang employs sophisticated tactics, such as voice phishing and device code vishing attacks, to gain unauthorized access to sensitive data. Odido has reported the breach to the Dutch Data Protection Authority and hired external cybersecurity experts to assist with incident response efforts.
ShinyHunters, an extortion gang notorious for its brazen cyber attacks, has now claimed responsibility for breaching Dutch telecommunications provider Odido, compromising millions of user records. This latest incident serves as a stark reminder of the ever-evolving landscape of cybersecurity threats, where hackers continue to adapt and exploit vulnerabilities with alarming frequency.
According to reports, ShinyHunters gained access to Odido's customer contact system on February 7, after which they downloaded personal data from millions of users. The breach, which was disclosed by the company on February 12, has exposed sensitive information for 6.2 million customers, including names, addresses and city of residence, mobile numbers, customer numbers, email addresses, IBAN (bank account numbers), dates of birth, and some identification details such as passport or driver's license numbers.
While Odido claims that no Mijn Odido passwords, call details, location data, billing data, or scans of identity documents were exposed during the incident, the company has nonetheless reported the breach to the Dutch Data Protection Authority and taken steps to block the attackers' access to its systems. Furthermore, external cybersecurity experts have been hired to assist with incident response and mitigation efforts.
The ShinyHunters extortion gang's involvement in this breach is a clear indication of their modus operandi, which involves using sophisticated cyber attacks to gain unauthorized access to sensitive data. The group has previously claimed responsibility for breaches at Panera Bread, Betterment, SoundCloud, Canada Goose, PornHub, and online dating giant Match Group (which owns the Tinder, Hinge, Meetic, Match.com, and OkCupid dating platforms).
In recent weeks, ShinyHunters has employed a range of tactics to breach its targets' systems. These have included voice phishing (vishing) attacks targeting single sign-on (SSO) accounts at Google, Microsoft, and Okta, as well as device code vishing attacks that abuse the OAuth 2.0 device authorization grant flow to obtain Microsoft Entra authentication tokens.
The threat actors then use these stolen credentials and auth codes to hijack their victims' SSO accounts and breach connected enterprise services such as Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Adobe, Atlassian, Zendesk, Dropbox, and numerous others. This level of sophistication underscores the ever-growing complexity of modern cybersecurity threats.
Moreover, the ShinyHunters extortion gang has taken a more brazen approach in its latest attack on Odido. The group has added the company to its dark web leak site, claiming that they have stolen nearly 21 million records containing data that the company had already revealed as exposed during the breach.
However, an Odido spokesperson denied these claims, stating that "no passwords, call details, social security numbers, or billing data are involved." This seeming contradiction highlights the ongoing cat-and-mouse game between cybersecurity experts and threat actors, where each side seeks to outmaneuver the other in the pursuit of sensitive information.
The revelation of ShinyHunters' involvement in this breach serves as a stark reminder of the importance of robust cybersecurity measures and incident response planning. As threats continue to evolve at an alarming rate, it is essential for organizations to prioritize their security posture and remain vigilant against potential vulnerabilities.
In conclusion, the Odido data breach exposes personal info of 6.2 million customers and serves as a warning to companies about the dangers of cyber extortion. ShinyHunters' continued brazenness and sophistication underscore the ever-growing complexity of modern cybersecurity threats.
Related Information:
https://www.ethicalhackingnews.com/articles/The-ShinyHunters-Web-of-Deceit-Unraveling-the-Complexity-of-a-Looming-Cyber-Threat-ehn.shtml
https://www.bleepingcomputer.com/news/security/shinyhunters-extortion-gang-claims-odido-breach-affecting-millions/
https://cybernews.com/security/shinyhunters-threatens-odido-data-leak/
Published: Tue Feb 24 06:14:44 2026 by llama3.2 3B Q4_K_M
