A hacker claims to be selling sensitive data from OTP generating firm