ShinyHunters Allegedly Claim Breach of 21 Million Records from Odido

The notorious cybercriminal group has claimed responsibility for a massive data breach targeting the Dutch telecommunications company Odido and its brand BEN.

The group ShinyHunters claims to have stolen 21 million records from 8 million customers, suggesting the incident is far more severe than previously disclosed. The data exposed in this alleged breach is highly sensitive.

Sensitive Data Allegedly Exposed

According to the claims, the compromised information includes plaintext passwords, a critical security failure that has sparked significant outrage online

Furthermore, the stolen data reportedly contains the following:

Exposed Data Type
Passport numbers
Driver’s license numbers
International Bank Account Numbers (IBANs)
Residential addresses
Email addresses
Internal corporate documents
Company source code

ShinyHunters explicitly stated that Odido “lied about their disclosure,” implying the company downplayed the severity or scope of the initial incident.

This accusation has fueled public concern regarding Odido’s transparency and handling of the breach.

The revelation of plaintext passwords, in particular, has alarmed security experts and customers alike, as it represents a severe lapse in basic data protection practices.

https://twitter.com/IntCyberDigest/status/2026057159214088516?ref_src=twsrc%5Etfw

Storing passwords without encryption or hashing leaves users highly vulnerable to account takeover and credential-stuffing attacks across other platforms.

The inclusion of government-issued identification numbers and banking details significantly increases the risk of identity theft and financial fraud for the affected customers.

According to a recent announcement on X by the International Cyber Digest, the potential exposure of internal documents and source code also poses a serious threat to Odido’s corporate security and intellectual property.

If malicious actors analyze the source code, they could uncover additional vulnerabilities in the company’s infrastructure.

Public reaction has been swift and critical. Social media users have expressed disbelief and anger over the alleged storage of plaintext passwords and Odido’s supposed lack of transparency.

Concerns have also been raised about the company’s data retention policies, with users questioning why data from former customers is still being stored.

While Odido has not yet publicly confirmed the specific details claimed by ShinyHunters, the situation remains a developing security crisis.

The potential scale and sensitivity of the compromised data highlight the ongoing threat posed by sophisticated cybercriminal groups and the critical need for robust data protection measures within the telecommunications sector.

If these claims are verified, Odido will likely face intense regulatory scrutiny and significant reputational damage.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post ShinyHunters Allegedly Claim Breach of 21 Million Records from Odido appeared first on Cyber Security News.