Shadow, a Paris-headquartered technology company that offers cloud-based PC gaming services, has confirmed a data breach involving customers’ personal information. The incident occurred after a sophisticated social engineering attack targeted the company’s employees.
Background of the Attack
According to an email sent to customers by Shadow CEO Eric Sèle, the attack began on the Discord platform with the downloading of malware under the guise of a game on the Steam platform. An acquaintance of one of the company’s employees, who was also a victim of the same attack, had proposed the game.
Details of the Breach
Shadow stated that its security team took immediate action in response to the attack; however, the hackers were still able to connect to the management interface of one of the company’s software-as-a-service (SaaS) providers. This allowed them to access customers’ private data, which includes:
- Full names
- Email addresses
- Dates of birth
- Billing addresses
- Credit card expiry dates
Shadow emphasized that no passwords or sensitive banking information were compromised.
Claim of Responsibility
An individual claiming responsibility for the Shadow breach posted on a popular hacking forum, stating that they are selling the stolen database, which allegedly contains the personal data of over 530,000 Shadow customers. The individual claimed to have been ignored by the company and was selling the data as a result.
Company Response
Shadow spokesperson Thomas Beaufils confirmed the authenticity of the email sent to customers but declined to comment further or answer TechCrunch’s questions. When asked about the software-as-a-service provider, Shadow declined to name it and stated that they do not know how many customers are affected. However, the spokesperson did not dispute the hacker’s claims.
Actions Taken by Shadow
Shadow has taken steps to address the breach, including:
- Reinforcing security protocols with providers
- Upgrading internal systems to render compromised workstations harmless
- Advising customers to be cautious of suspicious-looking emails and setting up multi-factor authentication on their accounts
Implications for Customers
Customers are advised to monitor their accounts closely and report any suspicious activity. Shadow’s email also included instructions on how to set up multi-factor authentication, which is a crucial step in preventing further unauthorized access.
Related News
Other recent data breaches and cybersecurity incidents:
- PowerSchool Data Breach: Hackers stole ‘all’ historical student and teacher data from PowerSchool, an education technology company.
- UnitedHealth Hides Change Healthcare Data Breach Notice: UnitedHealth hid its notice of a data breach at Change Healthcare for months.
Conclusion
The Shadow data breach highlights the importance of robust cybersecurity measures and employee training in preventing social engineering attacks. As the tech industry continues to evolve, companies must stay vigilant and take proactive steps to protect their customers’ personal information.
Recommendations
To prevent similar breaches:
- Implement robust security protocols: Ensure that your company’s security protocols are up-to-date and effective.
- Train employees: Educate your employees on the risks of social engineering attacks and how to identify suspicious activity.
- Regularly update systems: Regularly update your internal systems to prevent exploitation by hackers.
Related Topics
- Data Breach
- Gaming
- Security
- Shadow
- Social Engineering
