Odido Breach: 688K Accounts Exposed
Overview
In February 2026, Dutch telecommunications provider Odido fell victim to a data breach and subsequent extortion attempt. Threat actors initially published 1 million records containing 317,000 unique email addresses, then threatened to release additional data - a threat they carried out over the following days. The full incident has now been added to Have I Been Pwned (HIBP), confirming that 688,102 accounts were compromised.
What Was Exposed
The exposed data set includes a wide range of personally identifiable information (PII):
- Email addresses - The most common target for phishing and credential-stuffing attacks.
- Names - Enables social engineering and targeted scams.
- Phone numbers - Opens the door to SIM-swapping and smishing (SMS phishing).
- Physical addresses - Could be used for physical mail fraud or doxxing.
- Dates of birth - A critical piece of PII often used in identity verification and account recovery processes.
Combined, these data points provide attackers with a high-resolution profile of each affected individual, significantly lowering the barrier for identity theft.
How the Breach Happened
While Odido has not disclosed the technical root cause publicly, the extortion pattern - threat actors demanding payment after gaining access - strongly suggests a security misconfiguration or compromised credential allowed unauthorized database access. The subsequent leak of 1M records indicates that a large, unencrypted customer database was exfiltrated. Telcos are high-value targets because customer records often contain years of address, billing, and device data.
Identity Theft Risks
This breach poses a severe identity theft risk. With names, addresses, dates of birth, and phone numbers, an attacker can:
- File fraudulent credit applications or open accounts in the victim’s name.
- Attempt to take over utility, banking, and government service accounts.
- Conduct targeted social engineering calls or SMS attacks purporting to be from Odido or other trusted entities.
Unlike a simple email credential dump, this breach gives attackers the full identity toolkit. Victims should assume their PII is now circulating in criminal marketplaces.
How to Check If You’re Affected
Affected individuals can verify their exposure by visiting Have I Been Pwned and searching with their email address. If the address appears in the breach, the associated PII (name, address, phone, DOB) is also compromised. Odido customers who have not received a direct notification should still check - the breach data includes accounts that may not have been contacted by the company.
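For security teams that need to check many addresses (staff or customer accounts, for example), the same lookup can be scripted against the HIBP v3 API. The following is an added example, not part of the original report; it assumes the breach is listed in HIBP under the name `Odido`, uses a placeholder API key and a constructed sample response, and maps each exposed data class to the risk listed under What Was Exposed.

```python
import json
from urllib.parse import quote

HIBP_URL = "https://haveibeenpwned.com/api/v3/breachedaccount/{}?truncateResponse=false"
BREACH_NAME = "Odido"  # assumption: the breach's HIBP "Name" value is not given on this page

# Risk per data class, taken from the "What Was Exposed" list in this report.
RISKS = {
    "Email addresses": "phishing and credential stuffing",
    "Names": "social engineering and targeted scams",
    "Phone numbers": "SIM-swapping and smishing",
    "Physical addresses": "physical mail fraud or doxxing",
    "Dates of birth": "abuse of identity verification and account recovery",
}

def build_request(email, api_key):
    """Return (url, headers) for a HIBP v3 lookup; sending it is left to the caller."""
    headers = {"hibp-api-key": api_key, "user-agent": "odido-exposure-check"}
    return HIBP_URL.format(quote(email.strip().lower(), safe="")), headers

def triage(status, body):
    """Interpret one HIBP response: HTTP 404 means the address is in no known breach."""
    if status == 404:
        return {"in_breach": False, "risks": {}}
    if status != 200:
        raise RuntimeError(f"lookup failed with HTTP {status}")
    for breach in json.loads(body):
        if breach.get("Name", "").lower() == BREACH_NAME.lower():
            classes = breach.get("DataClasses", [])
            return {"in_breach": True,
                    "risks": {c: RISKS.get(c, "unclassified, review manually") for c in classes}}
    return {"in_breach": False, "risks": {}}

# Constructed sample response body (not real data), shaped like the HIBP breach model.
SAMPLE_BODY = json.dumps([
    {"Name": "ExampleForum", "DataClasses": ["Email addresses", "Passwords"]},
    {"Name": "Odido", "PwnCount": 688102,
     "DataClasses": ["Dates of birth", "Email addresses", "Names",
                     "Phone numbers", "Physical addresses"]},
])

if __name__ == "__main__":
    url, _ = build_request("Jan.Jansen@example.nl", "PLACEHOLDER-KEY")
    print(url)
    result = triage(200, SAMPLE_BODY)
    for data_class, risk in result["risks"].items():
        print(f"{data_class}: {risk}")
```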
What to Do Right Now
If you are affected, take the following steps immediately:
- Freeze your credit with all three major bureaus (Experian, Equifax, TransUnion) - a credit freeze is the most effective way to prevent fraudulent account openings using your PII.
- Enable multi-factor authentication (MFA) on your email, banking, and telecom accounts - do not use SMS-based MFA if possible; use an authenticator app.
- Be hyper-vigilant for phishing - expect calls, texts, or emails claiming to be from Odido or related services. Do not click links or share verification codes.
- Monitor your accounts - check bank and credit card statements weekly for unauthorized transactions.
- Report the breach to the Dutch data protection authority (Autoriteit Persoonsgegevens) if you experience identity theft or suspicious activity.
Security Insight
This breach reveals that Odido lacked adequate access controls and data-at-rest encryption for its customer database. In the telecom industry - where providers routinely store years of customer history - this is a critical failure. Extortion-driven breaches like this one show that modern attackers are not only after real-time data but also historical PII. Telcos must adopt zero-trust architectures and classify all legacy customer records as high-risk, applying the same encryption and monitoring standards as they would for active billing data.