Shadow PC, a provider of cloud gaming services, has issued warnings to over 500,000 customers regarding a data breach. The breach resulted from a social engineering attack on one of Shadow’s employees.
Furthermore, in late September, the attacker initiated the attack through a gaming platform, leading to the download of malware, which successfully stole an authentication cookie. With this access, the attacker extracted customer information, including names, email addresses, dates of birth, billing addresses, and credit card expiration dates.
Although the breach did not expose account passwords or sensitive payment data, Shadow PC has taken immediate action to address the situation. The stolen authentication cookie has been revoked, and the hacker’s access to the system has been blocked.
Additional security measures have been put in place to prevent similar incidents in the future. Shadow PC has assured customers that the compromised service provider did not hold any other user data beyond what was highlighted in the breach notice.
At the same time, customers are advised to remain vigilant for potential phishing and scam attempts and to enable multi-factor authentication (MFA) on their accounts. A threat actor claimed responsibility for the attack and is attempting to sell the stolen database. The threat actor alleges that the breach occurred at the end of September and resulted in the theft of data for 533,624 users, including IP connection logs. While there is limited official information on the incident, BleepingComputer has reached out to Shadow PC for more details.
References:
