Image credits: Shade
French technology company Shadow has confirmed a data breach involving customers’ personal information.
The Paris-based startup, which offers games through its cloud-based PC service, said in an email to customers this week that hackers gained access to their personal information after a successful social engineering attack targeting the company.
“At the end of September, we were the victim of a social engineering attack targeting one of our employees,” Shadow CEO Eric Seely said in the email seen by TechCrunch. “This highly sophisticated attack on Discord was initiated by downloading malware under the guise of a Steam game, suggested by an acquaintance of our employee, who is himself a victim of the same attack.”
Shadow said that although its security team took unspecified “immediate action,” the hackers were able to connect to the management interface of one of the company’s software-as-a-service (SaaS) providers to obtain customers’ private data.
This data includes full names, email addresses, dates of birth, billing addresses, and credit card expiration dates. Shadow says no passwords or sensitive banking data were compromised.
One of the people who posted on a popular hacking forum on Wednesday claiming responsibility for the Shadow breach said they were selling the stolen database, which allegedly contained the personal data of more than 530,000 Shadow customers. The individual said they were selling the alleged data after they claimed the company ignored it.
Shadow spokesman Thomas Beaufils confirmed the authenticity of the email the company sent to customers but declined to comment further or answer TechCrunch’s questions. Shadow declined to name the SaaS provider when asked by TechCrunch or say whether he knew how many Shadow customers were affected, but a spokesperson did not dispute the hacker’s claims when asked.
The email Shadow sent to customers, which had not yet been shared on any of the company’s websites or social media channels at the time of writing, says the company has “enhanced the security protocols” it uses with its service providers and has upgraded internal systems to “make “Compromised workstations are harmless.”
The company advises customers to be wary of suspicious emails and set up multi-factor authentication on their accounts.
“Unapologetic analyst. Infuriatingly humble coffee evangelist. Gamer. Unable to type with boxing gloves on. Student. Entrepreneur.”
More Stories
Gender Medicine, Games and Teresa Brouwer – 5 minutes
The new release for PS5, Xbox and PC is ahead of schedule
Summer of Games 2024: all dates, trade shows, events and streams at a glance