Hackers threatening to leak 8 million people's stolen data if Odido won't pay ransom

The cybercriminal group Shinyhunters has claimed responsibility for hacking Odido and says it has stolen the data of 8 million people, not 6.2 million like Odido claims. The hackers are pressuring Odido to pay a ransom of over €1 million, or they’ll leak the stolen data, RTL Nieuws reports.

According to the broadcaster, Shinyhunters showed proof that they hacked Odido and stole millions of people’s data, including names, addresses, bank account numbers, and passport numbers. The cybercriminals also claim to have customer passwords. “It affects 8 million customers and a total of 21 million lines of data.”

Odido reported that the hack affected 6.2 million current and former customers, stealing names, account numbers, and addresses. The company said that no passwords, call logs, or billing information were compromised.

The hackers are pressuring Odido to pay the ransom by Thursday morning. “Make the right decision, you know where to find us.” According to Shinyhunters, the ransom is “a low seven-figure sum.”

The identity of Shinyhunters is unknown. According to RTL, though the group seems to be primarily based in Europe, instead of Russia, like many other cybercriminal gangs. The group is known for hacking cloud environments. Victims include Microsoft, Ticketmaster, Jaguar, Louis Vuitton, and Pornhub.

Odido warned customers to be alert for “suspicious and unusual activity” on their accounts and profiles. Odido said stolen data is not always misused after a data breach, but it can’t “rule out the possibility of misuse of your data.”