ShinyHunters extortion gang claims Odido breach affecting millions

Bleeping Computer

by Sergiu Gatlan

February 24, 2026

AI-Generated Deep Dive Summary

The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecommunications provider Odido, a company serving millions of customers across the Netherlands. The breach occurred on February 7, when attackers gained unauthorized access to Odido's customer contact system, leading to the exposure of personal data belonging to millions of users. Although the telecom firm confirmed that sensitive information like passwords, call details, and billing data were not compromised, the exposed records included a combination of personally identifiable information such as full names, addresses, email addresses, IBAN numbers, and dates of birth. The breach affected 6.2 million customers, with ShinyHunters claiming to have stolen nearly 21 million records and threatening further action if their demands are not met. Odido has reported the incident to the Dutch Data Protection Authority, blocked the attackers' access, and enlisted external cybersecurity experts to manage the response. However, the company remains coy about whether a ransom was demanded or which specific threat group is behind the attack. ShinyHunters, known for its extortion tactics, has posted details of the breach on its dark web leak site, claiming that internal corporate data and plaintext passwords were also stolen. The gang has issued a warning

Verticals

securitytech

Originally published on Bleeping Computer on 2/24/2026