Shadow, a company that provides cloud-based PC streaming services, has announced that it suffered a data breach that exposed some of its customers’ personal information. The company says that no passwords or financial data were compromised, but the attacker was able to access names, emails, dates of birth, billing addresses, and credit card expiration dates of some users.
How the attack happened
According to an email sent to affected customers (which you can see on Reddit), the attack started at the end of September with a social engineering scheme targeting one of Shadow’s employees. The employee was tricked into downloading malware from a fake game on Steam, which was sent by an acquaintance who was also a victim of the same attack.
The malware allowed the attacker to steal cookies from the employee’s browser, which were then used to log into the management interface of one of Shadow’s SaaS providers. The attacker was able to extract customer data from the provider’s API using the stolen cookie, which has since been deactivated.
What Shadow is doing to prevent future attacks
Shadow’s CEO Eric Sele confirmed the breach in a statement to The Verge, saying that the company has taken immediate steps to secure its systems and reinforce its security protocols with its SaaS providers. He also said that the company is upgrading its internal systems to render compromised workstations harmless.
Shadow has also advised its customers to take proactive steps to enhance their online privacy and identity protection, such as changing their passwords, enabling two-factor authentication, and monitoring their credit reports. The company has also set up a dedicated email address (security@shadow.tech) for customers to contact if they have any questions or concerns about the breach.
What this means for Shadow and its customers
Shadow is a service that lets users stream a Windows PC from the cloud, allowing them to play games and run applications on any device. The service has been praised for its performance and flexibility, but it has also faced some challenges, such as delays in delivering its hardware devices and competition from other cloud gaming platforms.
The data breach is another setback for Shadow, as it could damage its reputation and trust among its customers and potential users. The company will have to work hard to restore confidence and demonstrate that it can protect its users’ data from future attacks.
