Business
Cloud gaming firm Shadow says hackers stole customers’ personal data
French technology company Shadow has confirmed a data breach involving customers’ personal information.
The Paris-headquartered startup, which offers gaming through its cloud-based PC service, said in an email to customers this week that hackers had accessed their personal information after a successful social engineering attack targeted the company.
“At the end of September, we were the victim of a social engineering attack targeting one of our employees,” Shadow CEO Eric Sèle said in the email, seen by TechCrunch. “This highly sophisticated attack had began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of our employee, himself a victim of the same attack.”
Shadow said that though its security team took unspecified “immediate action,” the hackers were able to connect to the management interface of one of the company’s software-as-a-service (SaaS) providers to obtain customers’ private data.
That data includes full names, email addresses, dates of birth, billing addresses and credit card expiry dates. Shadow says no passwords or sensitive banking data were compromised.
An individual who posted on a popular hacking forum on Wednesday claiming responsibility for the Shadow breach said they are selling the stolen database, which allegedly contains the personal data of more than 530,000 Shadow customers. The individual said they were selling the alleged data after they claimed they were ignored by the company.
Shadow spokesperson Thomas Beaufils confirmed the authenticity of the email that the company sent to customers but declined to comment further or answer TechCrunch’s questions. Shadow declined to name the software-as-a-service provider when asked by TechCrunch or say if it knows how many Shadow customers are affected, but the spokesperson did not dispute the hacker’s claims when asked.
Shadow’s email to customers, which has not yet been shared on any of the company’s website or social media channels at the time of writing, says that the company has “reinforced the security protocols” it uses with its providers and has upgraded internal systems to “render compromised workstations harmless.”
The company is advising customers to be wary of suspicious-looking emails and to set up multi-factor authentication on their accounts.
-
Entertainment6 days ago
WordPress.org’s login page demands you pledge loyalty to pineapple pizza
-
Entertainment7 days ago
Rules for blocking or going no contact after a breakup
-
Entertainment6 days ago
‘Mufasa: The Lion King’ review: Can Barry Jenkins break the Disney machine?
-
Entertainment5 days ago
OpenAI’s plan to make ChatGPT the ‘everything app’ has never been more clear
-
Entertainment4 days ago
‘The Last Showgirl’ review: Pamela Anderson leads a shattering ensemble as an aging burlesque entertainer
-
Entertainment5 days ago
How to watch NFL Christmas Gameday and Beyoncé halftime
-
Entertainment4 days ago
Polyamorous influencer breakups: What happens when hypervisible relationships end
-
Entertainment3 days ago
‘The Room Next Door’ review: Tilda Swinton and Julianne Moore are magnificent