The hacking method that Odido fell victim to appears to exactly match a campaign that Salesforce had previously warned about.
Dutch telecom operator Odido is dealing with a data leak. Hackers managed to infiltrate the company’s environment and steal the data of millions of customers. The hacker group ShinyHunters has claimed responsibility for the attack.
The data leak could potentially have been prevented if Odido had noticed a warning from Salesforce in time. The hacker group has been active for some time. Since last summer, several companies have had data stolen via their Salesforce environment, including major names such as KLM-Air France, Palo Alto, and Google.
Same method of operation
Salesforce warned about the hacking method as recently as late January. The break-in at Odido likely took place just a few days later. According to NOS, the method used by the hackers exactly matches the one described by Salesforce in a blog post. Not only Salesforce, but also the FBI and Google subsidiary Mandiant had already tried to alert organizations to these campaigns.
The hackers attempt to break in through someone inside the organization by posing as IT support staff. They contact an employee and redirect them to a fake login page. If the employee falls for the trap, the attackers can use legitimate login credentials to bypass built-in security, gain access to the Salesforce environment, and download data.
Although the vulnerability does not lie with Salesforce itself, the attackers have free rein once they have the keys in hand. Several organizations have already fallen into this trap since last summer. It is not known whether those warnings fell on deaf ears at Odido. Above all, the incident once again highlights the importance of employee awareness and cyber training. A small mistake or a moment of inattention can happen to anyone, with potentially major consequences.
All data published
The hackers have now begun publishing leaked customer data. A first installment appeared last week, and according to RTL Nieuws, the remaining data was published on Sunday. According to Odido, the data concerns 6 million customers, although the hackers claim 8 million. The company is standing its ground and is not giving in to the perpetrators’ ransom demands.
The operator previously stated that customers should not expect any compensation because the leaked data poses “no direct threat.” RTL Nieuws is questioning this, after finding identity documents of diplomats and embassy staff, as well as social security numbers, in the database.
Want to know if your data has been leaked in a data breach? You can check for yourself using the free web tool HaveIBeenPwned.
