Skip to content
Tech News
← Back to articles

Police suspects Dutch hackers were involved in Odido breach

read original more articles

The Dutch National Police (Politie) says it has found "strong indications" that Dutch hackers have been involved in a February breach at the telecommunications provider Odido.

"This includes a telephone conversation that was made with Odido customer service shortly before the hack. In this conversation, a Dutch-speaking man posed as Odido's IT employee. The company was then misled through phishing, after which the data theft took place," the police said in a Thursday press release.

"This type of investigation is often complex and takes time, but cybercriminals are also vulnerable and leave traces. Traces have been secured at several times during the investigation into the hack at Odido, which the research team continued to work on," added Stan Duijf, the head of operations at the National Investigation and Interventions Unit.

Odido is one of the largest Dutch telecommunications companies, offering mobile, broadband, and television services to millions of customers across the Netherlands.

When it disclosed the breach on February 12, the company said the attackers accessed its customer contact system on February 7 and downloaded the personal data of many of its users. It also told local media that the resulting data breach affected 6.2 million customers and that the threat actors reached out to say they had stolen millions of user records.

According to the telecom firm, the exposed information varies per customer, and it may include a combination of full name, address and city of residence, mobile number, customer number, email address, IBAN (bank account number), date of birth, and some identification details (passport or driver's license number and validity).

However, it added that no call details, location, data, billing data, scans of identity documents, or Mijn Odido passwords were exposed during the incident.

While Odido has yet to attribute the incident, the ShinyHunters extortion gang claimed responsibility for the breach on its dark web leak site, releasing an 88GB archive containing over 15 million records, including data the company had already disclosed as exposed in the attack.

Odido entry on ShinyHunters website (BleepingComputer)

​ShinyHunters has been behind widespread vishing campaigns targeting Okta, Microsoft, and Google single sign-on (SSO) accounts, impersonating IT support staff to trick targets' employees into entering credentials and multi-factor authentication (MFA) codes on phishing sites.

... continue reading