Police suspects Dutch hackers were involved in Odido breach

5 hours ago 4

Politie Dutch National Police

The Dutch National Police (Politie) says it has found "strong indications" that Dutch hackers have been involved in a February breach at the telecommunications provider Odido.

"This includes a telephone conversation that was made with Odido customer service shortly before the hack. In this conversation, a Dutch-speaking man posed as Odido's IT employee. The company was then misled through phishing, after which the data theft took place," the police said in a Thursday press release.

"This type of investigation is often complex and takes time, but cybercriminals are also vulnerable and leave traces. Traces have been secured at several times during the investigation into the hack at Odido, which the research team continued to work on," added Stan Duijf, the head of operations at the National Investigation and Interventions Unit.

image

Odido is one of the largest Dutch telecommunications companies, offering mobile, broadband, and television services to millions of customers across the Netherlands.

When it disclosed the breach on February 12, the company said the attackers accessed its customer contact system on February 7 and downloaded the personal data of many of its users. It also told local media that the resulting data breach affected 6.2 million customers and that the threat actors reached out to say they had stolen millions of user records.

According to the telecom firm, the exposed information varies per customer, and it may include a combination of full name, address and city of residence, mobile number, customer number, email address, IBAN (bank account number), date of birth, and some identification details (passport or driver's license number and validity).

However, it added that no call details, location, data, billing data, scans of identity documents, or Mijn Odido passwords were exposed during the incident.

While Odido has yet to attribute the incident, the ShinyHunters extortion gang claimed responsibility for the breach on its dark web leak site, releasing an 88GB archive containing over 15 million records, including data the company had already disclosed as exposed in the attack.

Odido entry on ShinyHunters websiteOdido entry on ShinyHunters website (BleepingComputer)

​ShinyHunters has been behind widespread vishing campaigns targeting Okta, Microsoft, and Google single sign-on (SSO) accounts, impersonating IT support staff to trick targets' employees into entering credentials and multi-factor authentication (MFA) codes on phishing sites.

After breaching corporate SSO accounts, the threat actors steal data from connected SaaS applications, including Microsoft 365, Google Workspace, Salesforce, SAP, Slack, Zendesk, Dropbox, Adobe, Atlassian, and others.

The cybercrime group has been linked to a growing number of breaches involving companies such as Google, Cisco, PornHub, the online dating giant Match Group, the European Commission, Rockstar Games, and the McGraw-Hill edtech giant.

They were also behind security breaches at over a dozen Snowflake customers, various other third-party integration providers, and, more recently, a new series of breaches that hit over 100 organizations (including the University of Nottingham) following data-theft attacks exploiting an Oracle PeopleSoft zero-day flaw.

article image

Test every layer before attackers do

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Read Entire Article