The Dutch Nationwide Police (Polity) stated it had discovered “robust indications” that Dutch hackers have been concerned in a February breach at telecommunications supplier Odid.
“This features a phone dialog that occurred with Odid customer support shortly earlier than the hack. On this dialog, a Dutch-speaking man posed as an Odid IT worker. The corporate was then misled by phishing, and information theft was subsequently carried out,” police stated in a press launch on Thursday.
“Most of these investigations are sometimes advanced and time-consuming, however cybercriminals are additionally weak and go away trails. Traces have been secured on a number of events throughout the Odid hacking investigation, and our analysis staff continues to work on them,” added Stan Duiff, director of operations on the Nationwide Bureau of Investigation and Intervention.
Odido is among the largest telecommunications corporations within the Netherlands, offering cell, broadband and tv companies to thousands and thousands of shoppers throughout the Netherlands.
When the corporate disclosed the breach on February 12, it stated the attackers gained entry to its buyer contact system on February 7 and downloaded the non-public information of many customers. The corporate additionally instructed native media that the ensuing information breach affected 6.2 million clients and that the attackers had contacted them to say they’d stolen thousands and thousands of consumer data.
The telco stated the knowledge leaked varies by buyer and will embody a mixture of title, deal with, metropolis of residence, cell phone quantity, buyer quantity, electronic mail deal with, IBAN (checking account quantity), date of delivery, and a few ID particulars (passport or driver’s license quantity and expiration date).
Nevertheless, it added that no name particulars, location data, information, billing information, ID scans or Mijn Odido’s password have been compromised on this incident.
Though Odid has not but claimed accountability for the incident, the extortion group Shiny Hunters claimed accountability on a darkish net leak website and revealed an 88GB archive containing greater than 15 million data, together with information the corporate had beforehand launched as uncovered within the assault.

ShinyHunters has been behind a variety of malicious campaigns focusing on Okta, Microsoft, and Google single sign-on (SSO) accounts, impersonating IT assist employees to trick focused staff into coming into their credentials and multi-factor authentication (MFA) codes on phishing websites.
After compromising an organization’s SSO account, attackers steal information from linked SaaS purposes similar to Microsoft 365, Google Workspace, Salesforce, SAP, Slack, Zendesk, Dropbox, Adobe, and Atlassian.
The cybercriminal group has been implicated in a rising variety of breaches involving corporations similar to Google, Cisco, PornHub, on-line relationship large Match Group, the European Fee, Rockstar Video games, and edtech large McGraw-Hill.
They have been additionally behind safety breaches at greater than 10 Snowflake clients, numerous different third-party integration suppliers, and extra just lately, a brand new collection of breaches that hit greater than 100 organizations (together with the College of Nottingham) following a knowledge theft assault that exploited a zero-day flaw in Oracle PeopleSoft.
Safety groups doc 54% of profitable assaults and problem a warning on solely 14%. The remaining strikes invisibly by means of the surroundings.
Picus’ whitepaper reveals methods to check your SIEM and EDR guidelines in breach and assault simulations to make sure threats go undetected.
Get the white paper
