The attackers who stole the personal data of 6.2 million Odido customers used social engineering and phishing attacks to gain access to the company’s relationship management system, according to anonymous sources.
-
Hackers posed as IT staff and tricked employees into approving fraudulent logins, bypassing MFA.
-
Stolen data includes names, addresses, bank accounts, and government IDs.
-
Attackers used scraping software to extract massive amounts of customer data.
To pull off the data breach, the hackers sent phishing emails to individual staff members of Odido’s customer service, asking them for their login details.
Next, the attackers called other employees from the telecom company pretending to be from the IT department. The hackers asked them to approve their fraudulent login attempts, allowing them to bypass an additional security measure.
According to Dutch news outlet NOS, the accounts of several employees were hacked this way.
Allegedly, the attackers gained access to Odido’s Salesforce environment, a customer relationship management (CRM) system used by thousands of companies worldwide to store customer and lead information.
Last year, hackers raided numerous Salesforce instances by abusing compromised authentication tokens from a third-party AI marketing tool called Salesloft Drift.
More recently, on January 30th, 2026, Salesforce published a security advisory mentioning a new social engineering campaign targeting third-party identity providers across the industry. In these attacks, threat actors use fraudulent login pages or impersonate IT support through voice calls to steal credentials or MFA codes, or to trick users into authorizing malicious connected apps.
Once the attackers managed to gain access to Odido’s customer relationship management system, they used scraping software to exfiltrate the personal details of 6.2 million customers, including full names, postal addresses, telephone numbers, customer IDs, bank account numbers, dates of birth, and government-issued ID numbers, such as passports and driver’s licenses.
“We take this incident very seriously. Immediately after discovering the data breach, we blocked the unauthorized access to the customer relationship management system, implemented additional security measures, scaled up monitoring of unusual activities, and raised employee awareness of cybercriminal activities and methods,” Odido said in a press release.
Odido’s operational services weren’t affected during the attack: customers could use the internet, make calls, and watch TV safely.
As of yet, no ransomware operation has claimed responsibility for the data breach.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked