Shadow Cloud Gaming – French-based cloud gaming provider, Shadow, has recently confirmed a security breach that exposed customers’ private data. This alarming breach came to light following a meticulously crafted social engineering attack initiated on the Discord platform, which was traced back to the download of malware masked as a game on the Steam platform.
Shadow’s CEO, Eric Sèle, detailed the sequence of events, explaining that an employee became the unsuspecting target after being approached by an acquaintance, who was also a victim of this malicious scheme. Despite the swift action taken by Shadow’s security team, cybercriminals managed to access the management interface of one of the firm’s SaaS providers, thereby gaining unauthorized access to customer data.
The compromised information encompasses customers’ full names, email addresses, dates of birth, billing addresses, and credit card expiry dates. However, there is a silver lining: passwords and crucial banking information remain untouched.
Yet, the aftereffects of this breach seem far from over. An anonymous hacker has recently claimed responsibility for this act on a notable hacking forum, alleging possession of the personal details of over 530,000 Shadow users. The hacker’s purported motive for selling this information is the company’s alleged dismissal of their initial warnings.
Although Shadow refrained from revealing the identity of the impacted SaaS provider, the numbers reported by the hacker went undisputed by the company’s spokesperson, Thomas Beaufils. Shadow, in its communication to customers, emphasized its commitment to reinforcing security measures with its vendors and has taken proactive steps to bolster internal defenses.
As the company grapples with the repercussions of this breach, it cautions its customers to be vigilant against dubious emails and urges the adoption of multi-factor authentication to bolster account security.