The hacker group ShinyHunters has published stolen customer data from Odido online for the fourth day in a row. This latest release appears to be much larger and may include all previously unreleased data. The file, titled ‘full_odido_shinyhunters’, is more than 25 times larger than the file shared on Saturday.
Last month, personal data from more than 6 million Odido accounts was stolen. The accounts belonged to both current and former customers. The hackers gained access to names, addresses, account numbers and identification numbers. After Odido announced on Thursday that it would not pay a ransom, the group began publishing parts of the stolen data online each day.
RTL Nieuws and NOS reported that ShinyHunters released all remaining customer data on Sunday. This suggests the group may have abandoned its earlier plan to publish the information in stages to increase pressure on Odido to pay. The reason for the apparent change of approach is unclear.
Research by NOS shows that the leaked data concerns more than 6.5 million individuals and 600,000 companies. In 71,000 cases, the data also included the email address of a trustee or other support worker. At first, NOS said it had not found any bank account numbers or customer service notes in the leak. Further analysis later showed that both were present. Customer service notes were found for more than 44,000 customers.
An Odido spokesperson declined to comment on Sunday, saying the investigation is ongoing. A source suggested the hackers may have released a large amount of data at once because media attention had shifted due to extensive coverage of developments in Iran.
Police advice
Police previously advised Odido not to pay the ransom, stating that the hackers could not be trusted. A criminal investigation led by the Public Prosecution Service is under way. Police have warned customers to remain alert to possible identity fraud. Criminals could use the leaked data for phishing attempts.
Police also advise people not to download the stolen data to check whether their details are included, as this would be a criminal offence. Instead, they recommend using the website haveibeenpwned to see if personal data has been exposed in a breach.
@anp | NEWS BRAINPORT
