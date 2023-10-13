Shadow, a service that offers PC streaming, has revealed a security breach where a malicious actor gained access to private customer information. The breach resulted in the extraction of customer data such as names, email addresses, dates of birth, billing addresses, and credit card expiration dates.

The CEO of Shadow, Eric Sele, confirmed the breach in a statement, mentioning that the company fell victim to a highly sophisticated social engineering attack. Sele assured customers that no passwords or financial data were compromised. Shadow is taking immediate measures to secure their systems and reinforce security protocols with all service providers.

The breach occurred when an employee became the target of a social engineering attack. The attack began on the Discord platform and involved the downloading of malware disguised as a game on the Steam platform. The employee had received the game recommendation from an acquaintance, who was also a victim of the same attack.

Although Shadow’s security team promptly responded and took action, the attacker was able to exploit a stolen cookie to gain access to the management interface of one of Shadow’s Software-as-a-Service (SaaS) providers. By utilizing this compromised cookie, the attacker obtained certain private customer information through the SaaS provider’s API.

Shadow has implemented additional security measures with their SaaS providers and is upgrading their internal systems to mitigate the impact of compromised workstations. In addition, a community manager on Reddit advised users to delete their Shadow accounts and take proactive steps to enhance online privacy and identity protection.

It is essential for customers to remain vigilant and monitor their accounts for any suspicious activity. By regularly updating passwords and enabling multi-factor authentication, individuals can further safeguard their personal information.

Sources:

– [Source Article Title] Jay Peters, The Verge