Overview
- An NOS analysis finds the leaked dataset covers at least 6.5 million individuals and about 600,000 businesses with more than 5 million unique official ID numbers, including passports, driver’s licenses and some diplomats’ residence papers.
- The trove also contains contact emails tied to guardians or care workers for roughly 71,000 customers and customer-service notes in over 44,000 profiles that include potentially sensitive details.
- The group identified as ShinyHunters posted the remaining data at once after earlier signaling a staged release, citing unspecified “recent developments.”
- ShinyHunters claims some stolen files were not published and labels them “not relevant,” while indicating possible retention for its own use.
- Hackers gained access in early February via phone-based social engineering through customer service after impersonating IT staff; Odido rejected a ransom that fell from about €1 million to roughly €500,000 on police and cybersecurity advice, drawing criticism and support.