{"id":10895,"date":"2026-02-24T10:03:43","date_gmt":"2026-02-24T10:03:43","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/02\/24\/shinyhunters-allegedly-claim-breach-of-21-million-records-from-odido\/"},"modified":"2026-02-24T10:03:43","modified_gmt":"2026-02-24T10:03:43","slug":"shinyhunters-allegedly-claim-breach-of-21-million-records-from-odido","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/02\/24\/shinyhunters-allegedly-claim-breach-of-21-million-records-from-odido\/","title":{"rendered":"ShinyHunters Allegedly Claim Breach of 21 Million Records from Odido"},"content":{"rendered":"<p>    ShinyHunters Allegedly Claim Breach of 21 Million Records from Odido<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>The notorious cybercriminal group has claimed responsibility for a <a href=\"https:\/\/cybersecuritynews.com\/flickr-data-breach\/\" target=\"_blank\" rel=\"noreferrer noopener\">massive data breach<\/a> targeting the Dutch telecommunications company Odido and its brand BEN.<\/p>\n<p>The group ShinyHunters claims to have stolen 21 million records from 8 million customers, suggesting the incident is far more severe than previously disclosed. The data exposed in this alleged breach is highly sensitive.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-sensitive-data-allegedly-exposed\"><strong>Sensitive Data Allegedly Exposed<\/strong><\/h2>\n<p>According to the claims, the compromised information includes plaintext passwords, a critical security failure that has sparked significant outrage online<\/p>\n<p>Furthermore, the stolen data reportedly contains the following:<\/p>\n<figure class=\"wp-block-table aligncenter is-style-stripes\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th>Exposed Data Type<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Passport numbers<\/td>\n<\/tr>\n<tr>\n<td>Driver\u2019s license numbers<\/td>\n<\/tr>\n<tr>\n<td>International Bank Account Numbers (IBANs)<\/td>\n<\/tr>\n<tr>\n<td>Residential addresses<\/td>\n<\/tr>\n<tr>\n<td>Email addresses<\/td>\n<\/tr>\n<tr>\n<td>Internal corporate documents<\/td>\n<\/tr>\n<tr>\n<td>Company source code<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p><a href=\"https:\/\/cybersecuritynews.com\/100-enterprises-targeted-by-shinyhunters-group\/\" target=\"_blank\" rel=\"noreferrer noopener\">ShinyHunters explicitly stated<\/a> that Odido \u201clied about their disclosure,\u201d implying the company downplayed the severity or scope of the initial incident.<\/p>\n<p>This accusation has fueled public concern regarding Odido\u2019s transparency and handling of the breach.<\/p>\n<p>The revelation of plaintext passwords, in particular, has alarmed security experts and customers alike, as it represents a severe lapse in basic data protection practices.<\/p>\n<figure class=\"wp-block-embed aligncenter is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<div class=\"embed-twitter\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/s.w.org\/images\/core\/emoji\/17.0.2\/72x72\/203c.png?ssl=1\" alt=\"\u203c\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\">Breaking: ShinyHunters just claimed responsibility for the Odido + BEN breach.<\/p>\n<p>Shiny told us Odido &#8220;lied about their disclosure.&#8221;<\/p>\n<p>The stolen data includes 21 million records of 8 million customers. The breach is far worse than thought.<\/p>\n<p>It includes:<\/p>\n<p>\u2013 Plaintext passwords (!)\u2026 <a href=\"https:\/\/t.co\/uiLPHSdBVC\">pic.twitter.com\/uiLPHSdBVC<\/a><\/p>\n<p>\u2014 International Cyber Digest (@IntCyberDigest) <a href=\"https:\/\/twitter.com\/IntCyberDigest\/status\/2026057159214088516?ref_src=twsrc%5Etfw\">February 23, 2026<\/a>\n<\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/div>\n<\/figure>\n<p>Storing passwords without <a href=\"https:\/\/cybersecuritynews.com\/yurei-ransomware-file-encryption\/\" target=\"_blank\" rel=\"noreferrer noopener\">encryption or hashing leaves<\/a> users highly vulnerable to account takeover and <a href=\"https:\/\/cybersecuritynews.com\/cybersecurity-experts-report-surge-in-credential-stuffing-attacks-targeting-online-casino-accounts\/\" target=\"_blank\" rel=\"noreferrer noopener\">credential-stuffing attacks<\/a> across other platforms.<\/p>\n<p>The inclusion of government-issued identification numbers and banking details significantly increases the risk of identity theft and financial fraud for the affected customers.<\/p>\n<p>According to a recent <a href=\"https:\/\/x.com\/IntCyberDigest\/status\/2026057159214088516?s=20\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">announcement on X by the International Cyber Digest<\/a>, the potential exposure of internal documents and source code also poses a serious threat to Odido\u2019s corporate security and intellectual property.<\/p>\n<p>If malicious actors analyze the source code, they could uncover additional vulnerabilities in the company\u2019s infrastructure.<\/p>\n<p>Public reaction has been swift and critical. Social media users have expressed disbelief and anger over the alleged storage of plaintext passwords and Odido\u2019s supposed lack of transparency.<\/p>\n<p>Concerns have also been raised about the company\u2019s data retention policies, with users questioning why data from former customers is still being stored.<\/p>\n<p>While Odido has not yet publicly confirmed the specific details claimed by ShinyHunters, the situation remains a developing security crisis.<\/p>\n<p>The potential scale and sensitivity of the compromised data highlight the ongoing threat posed by sophisticated cybercriminal groups and the critical need for robust <a href=\"https:\/\/cybersecuritynews.com\/chinese-hackers-attacking-singapores-telecommunications-sector\/\" target=\"_blank\" rel=\"noreferrer noopener\">data protection measures within the telecommunications sector<\/a>.<\/p>\n<p>If these claims are verified, Odido will likely face intense regulatory scrutiny and significant reputational damage.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 94%,rgb(169,184,195) 100%)\"><strong>Follow us on <a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google News<\/a>, <a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LinkedIn<\/a>, and <a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">X<\/a> for daily cybersecurity updates. <a href=\"https:\/\/cybersecuritynews.com\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Contact us<\/a> to feature your stories.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/shinyhunters-claim-breach-odido\/\">ShinyHunters Allegedly Claim Breach of 21 Million Records from Odido<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Abinaya<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/shinyhunters-claim-breach-odido\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ShinyHunters Allegedly Claim Breach of 21 Million Records from Odido The notorious cybercriminal group has claimed responsibility for a massive data breach targeting the Dutch telecommunications company Odido and its brand BEN. The group ShinyHunters claims to have stolen 21 million records from 8 million customers, suggesting the incident is far more severe than previously [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,156],"tags":[130],"class_list":["post-10895","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-data-breach","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10895"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=10895"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10895\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=10895"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=10895"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=10895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}