The IT Nerd

The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecommunications provider Odido and stealing millions of user records from its compromised systems.

Commenting on this news is Lidia Lopez, Senior Threat Intelligence Analyst at Outpost24:

“This incident fits a pattern we have been tracking from 2025 into 2026: ShinyHunters-linked operations often rely on social engineering to get legitimate access into SaaS environments, then export data and use leak sites for extortion. The common playbook is email and phone pretexting where attackers impersonate IT, a vendor, or support and push a fake “required update” or “security tool,” or trick staff into authorizing a rogue connected app. That gives them access through the identity layer, which can open downstream systems like customer support and contact platforms used across many organizations.

For Odido, “ShinyHunters” claims the breach is larger and includes “plain text” passwords, but that specific claim should be treated as unverified until independently validated or confirmed by the company or the authorities. Researchers suspect that the “plain text password” could refer to a readable password-like field in a CRM, such as a customer-service verification word stored in Salesforce, rather than customers’ online login passwords. Either way, plain text storage is serious: if it is a verification word, it makes impersonation and account fraud much easier when combined with identity data and financial identifiers; if it is an actual login password, it enables immediate account takeover at scale because attackers do not need to crack anything and password reuse can cascade the impact far beyond Odido.”

This is big as Odido has 6.9 million customers as of January 2024. So it is a safe bet that this will not end well for any of those customers. Which highlights the fact that all efforts need to be taken to keep the bad guys out so that conversations like this are not the norm.

This entry was posted on February 24, 2026 at 12:18 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.