Hackers behind the Odido breach have released the remaining stolen customer data online, escalating the incident from an extortion threat into a confirmed large-scale data exposure affecting millions of individuals and businesses.
The development follows earlier warnings from the ShinyHunters group, which previously claimed to possess vast amounts of Odido customer information and threatened to leak the data unless the telecom provider paid a ransom. As first reported by Dutch broadcaster NOS, the attackers have now published what appears to be the bulk of the remaining dataset, including highly sensitive identity information belonging to millions of customers.
According to the report, the leaked files contain records tied to approximately 6.5 million individuals and around 600,000 companies. Among the most serious exposures are more than five million government identification numbers, including passport and driver’s license details, as well as residence permit information in some cases. The dataset also reportedly includes names, dates of birth, contact details, bank account numbers, and internal customer service notes.
The publication marks a significant escalation compared to earlier stages of the incident, when only portions of the data had been released as part of an apparent pressure campaign against the company. At the time, the attackers demanded a ransom reportedly starting at €1 million and later reduced to €500,000. Odido declined to pay, stating it would not negotiate with cybercriminals — a decision that now appears to have prompted the full release.
Researchers cited by Dutch media noted that the leaked information goes beyond basic subscriber data and includes sensitive administrative records, such as email addresses connected to legal guardians or court-appointed administrators for tens of thousands of customers. The presence of government ID numbers substantially increases the potential risks associated with the breach, particularly identity theft and targeted fraud.
The incident represents a new phase in the breach lifecycle reported earlier this year, when ShinyHunters surfaced on cybercrime forums claiming access to millions of Odido records. While the scale of those claims was initially uncertain, the latest leak confirms that a large dataset was successfully exfiltrated and is now circulating publicly.
Odido has previously stated that it notified affected customers and relevant authorities after discovering the breach, though investigations into how attackers obtained access — and why such extensive historical customer information was retained — are ongoing.
The publication of the full dataset effectively closes the extortion phase of the attack but opens a longer period of risk for affected users, as the information may continue to circulate across cybercrime forums and marketplaces.
As with similar mass leaks, affected customers are advised to remain alert for phishing attempts and suspicious communications referencing personal information, as attackers often exploit newly leaked datasets to conduct highly convincing social-engineering attacks.
Leave a Reply