The criminal hacker group ShinyHunters has begun publishing customer data stolen from Dutch telecom company Odido, releasing 2 million lines of information over two days after the company failed to meet a ransom deadline. The group published half the data Thursday and the remainder Friday morning, according to Dutch broadcaster NOS.
The hackers had demanded more than €1 million from Odido and threatened to release 1 million lines of data daily until payment was made. The ransom deadline expired Thursday.
Odido confirmed that hackers stole data belonging to 6.2 million current and former customers, though the criminal group claims to have obtained information on more than 8 million people. The compromised data includes names, home and email addresses, phone numbers, dates of birth, bank account numbers and identification numbers.
The stolen information also contains customer records showing payment histories, whether customers have guardians, and contract violations. While hackers have published some customer records, they have not yet released most phone numbers and email addresses, though they indicated they would publish increasingly sensitive information over time.
The data files, totaling 10 gigabytes, were published on the dark web, making it difficult for customers to immediately determine if their information was compromised. Concerned customers can check the website haveibeenpwned.com to see if their email addresses have been involved in data breaches, including the Odido incident.
It remains unclear whether Odido will pay the ransom. Police typically advise against such payments, arguing they help sustain criminal business models.
