The massive data theft involving Dutch telecom provider Odido and its budget brand Ben has taken an unfortunate turn this week. The criminal group behind the attack, ShinyHunters, has followed through on threats to dump private customer records onto the dark web after the company refused to pay a ransom.
A Growing Data Dump
While the breach was first spotted over the weekend of February 7th, the real trouble started when the hackers demanded over €1 million to keep the data private. When Odido stood its ground, the group began a “daily leak” campaign. On Thursday, 1 million lines of data were posted online, with another million following early Friday morning.
The scale of the theft is still being debated. Odido originally confirmed that 6.2 million current and former customers were involved in the hack, but ShinyHunters claims the actual number is closer to 21 million. Exclusive background coverage from Hackread.com revealed that the hackers are using these public leaks to pressure the company back to the negotiating table, even issuing a final warning for the firm to pay up or face more digital problems.
What was actually taken?
For your information, the stolen files are not just names and numbers. The leaked data reportedly includes physical home addresses, email accounts, and bank account details like IBANs. Perhaps most worrying is the exposure of sensitive ID data such as passport and driving licence numbers.
Odido has been quick to point out that plaintext passwords, which are passwords stored in an easy-to-read format rather than being scrambled, were not part of the haul, despite what the hackers claim. The company also stated that billing info and actual identity document scans remain safe. However, with so much personal data now public, the risk of identity fraud is a real concern.
Why Odido won’t pay
Despite the pressure, Odido CEO Søren Abildgaard remains firm. He said the company decided “not to negotiate with these criminals” or give in to blackmail. This move is fully backed by the Dutch national police. Stan Duijf, from the Politie’s cybercrime unit, warned that ” Our advice to ransomware victims is: don’t pay if criminals demand a ransom” because paying the ransom could finance future attacks, and there is simply no guarantee the hackers would delete the data anyway.
On the other hand, to help protect those affected, Odido is giving customers a free 24-month digital security package. It is a vital safety net, as anyone who has used Odido or Ben should now be extra careful with any unexpected calls or links they receive.
