Dutch telco Odido faces escalating data leaks from ShinyHunters, with 2 million records threatened daily, as police warn against ransom payments.
The Netherlands' national police have publicly backed Odido's decision not to pay a ransom to the cybercrime group ShinyHunters, as the attackers continue to leak customer data in escalating daily dumps.
Second Wave of Data Leaks Hits Odido Customers
In the early hours of Friday morning, ShinyHunters leaked another 1 million Odido records, marking the second consecutive day of data breaches. According to Have I Been Pwned, which is tracking the leaks, the first million contained 317,000 unique email addresses, while the second round consisted of 371,000.
The leaked data includes highly sensitive personal information such as bank account numbers, passport numbers, driving licenses, and customer service comments. This represents a significant escalation in the scale and sensitivity of the breach.
Attackers Threaten to Increase Leak Frequency
ShinyHunters has indicated it is preparing for a third round of leaks on February 28. If this follows the same pattern, the total number of affected accounts could surpass 1 million. Following the third round, the group has promised to begin leaking 2 million records daily, claiming to have stolen approximately 21 million records in total.
Odido's Initial Response and Scale of Breach
Odido first confirmed the scale of the data leak weeks ago, revealing that 6.2 million customers were affected by the attack. The company's website was unavailable at the time of writing, though its subsidiary Ben's website remained operational.
Police Warning Against Ransom Payments
The Netherlands' national police (Politie) have reissued their standard advice to organizations facing similar situations: do not pay ransoms. Stan Duijf, head of operations responsible for combating cybercrime at the Politie, explained the rationale:
"Our advice to ransomware victims is: don't pay if criminals demand a ransom. After all, if they are paid, their business model remains viable."
Duijf emphasized that paying ransoms doesn't guarantee data safety, noting that research shows criminals often don't delete stolen data and may resell it or demand additional payments.
Company's Position and Customer Protection
Odido has confirmed it will not negotiate with the criminals or allow themselves to be blackmailed. In a statement from CEO Søren Abildgaard, the company emphasized that its focus remains on customers and employees:
"On the advice of leading cybersecurity advisors and relevant government agencies, such as the police, Odido has decided not to negotiate with these criminals or allow themselves to be blackmailed by them."
To help affected customers, Odido is offering a 24-month subscription to F-Secure's digital security package, which provides protection against malware, phishing, and other threats.
Investigation and Ongoing Threats
The police confirmed that Odido is fully cooperating with their investigation into the attack. They also advised customers to remain vigilant against potential targeted phishing attacks, given the volume of data stolen.
The situation highlights the ongoing challenges faced by organizations dealing with sophisticated cybercrime groups and the difficult decisions involved in responding to ransomware attacks. As ShinyHunters continues its threatened daily leaks, the full impact on Odido's customers and the company's reputation remains to be seen.
Comments
Please log in or register to join the discussion