The Information Highway

Shadow PC warns of data breach as hacker tries to sell gamers' info

Shadow PC, a provider of high-end cloud computing services, is warning customers of a data breach that exposed customers' private information, as a threat actor claims to be selling the stolen data for over 500,000 customers. 

Shadow is a cloud gaming service providing users with high-end Windows PCs streamed to their local devices (PCs, laptops, smartphones, tablets, smart TVs), allowing them to run demanding AAA games on a virtual computer.

According to multiple tips sent yesterday from Shadow customers, the company has begun sending data breach notifications following a successful social engineering attack targeting its employees. 

"At the end of September, we were the victim of a social engineering attack targeting one of our employees," reads the notice.

"This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of our employee, himself a victim of the same attack."

Shadow data breach notification sent to customers

Based on the description of the attack, the downloaded malware was an info-stealer that successfully stole an authentication cookie that allowed the hackers to log in to the management interface of one of the company's SaaS (software-as-a-service) providers.

Leveraging this access, the attacker abused the API to extract customers' full names, email addresses, dates of birth, billing addresses, and credit card expiration dates.

Shadow's notice clarifies that the incident has not resulted in the exposure of account passwords or other sensitive payment/banking data.

Shadow says that it has revoked the stolen authentication cookie and that the hacker's access to its systems has been blocked. Moreover, Shadow has implemented additional defenses to prevent similar incidents from occurring in the future.

The firm assures the impacted customers that the compromised service provider did not hold any other user data beyond what is highlighted in the notice.

However, impacted individuals are urged to remain vigilant for phishing and scamming attempts and activate multi-factor authentication (MFA) on all their accounts. 

Limited additional information on the incident can be found in this Reddit discussion joined by an employee of the firm. However, no official statements on the incident have been posted on the official website or social media channels.


Shadow database sold on a hacker forum

Last night, a threat actor claimed to be responsible for the attack and is selling the stolen database on a well-known hacking forum.

The threat actor claims that they breached Shadow at the end of September and were able to steal the data for 533,624 users.

"At the end of September, I gained access to the database of the French company Shadow. It contains only customers, not all Shadow users," reads the for-sale post.

"After an attempt at amicable settlement, which they deliberately ignored, I decided to put the database up for sale." 

Threat actor claiming to sell stolen Shadow database
Source: BleepingComputer

The threat actor also says IP connection logs were stolen in the breach in addition to the other data already confirmed by Shadow. 
