Overview
- After letting the deadline pass, Odido declined a seven‑figure demand and the ShinyHunters group posted a verified dataset from the breach on the dark web.
- The published trove includes about 1 million records with data on roughly 430,000 individuals and 290,000 companies, including some 275,000 IBANs and sensitive internal customer-service notes.
- Odido earlier said 6.2 million customers were affected, while ShinyHunters claim data on roughly 8 million customers and 21 million rows and threaten further daily dumps.
- Police and prosecutors are probing the hack and reiterate guidance not to pay, echoing the data watchdog’s stance that ransoms fuel criminal business models.
- Security experts warn the leak enables highly targeted phishing and phone fraud, though Odido says no passwords were stolen and authorities advise heightened vigilance rather than downloading the illicit datasets.