Shadow PC warns of data breach as hacker tries to sell gamers’ info

October 12, 2023 at 08:59AM

Shadow PC, a cloud gaming service, has notified customers of a data breach resulting from a social engineering attack on an employee. Info-stealer malware was used to steal customer data, including names, email addresses, dates of birth, billing addresses, and credit card expiration dates. Shadow has revoked the stolen authentication cookie and implemented additional security measures. A threat actor claims to be selling the stolen database, which includes data for 533,624 users, on a hacking forum. IP connection logs were also allegedly stolen. The authenticity of the data offered for sale has not been independently verified.

Key takeaways from the article:

1. Shadow PC, a provider of high-end cloud computing services, has experienced a data breach.
2. The breach occurred due to a social engineering attack targeting one of Shadow’s employees.
3. The employee was tricked into downloading malware disguised as a game, leading to the theft of an authentication cookie.
4. The stolen authentication cookie allowed the attacker to access customer data, including full names, email addresses, dates of birth, billing addresses, and credit card expiration dates.
5. Account passwords and sensitive payment/banking data were not exposed in the breach.
6. Shadow has revoked the stolen authentication cookie and blocked the hacker’s access to their systems.
7. Additional defenses have been implemented to prevent similar incidents in the future.
8. The compromised service provider did not hold any other user data beyond what was mentioned in the breach notice.
9. Impacted individuals are advised to remain vigilant for phishing and scamming attempts and activate multi-factor authentication (MFA) on all their accounts.
10. A threat actor claims to have breached Shadow and is selling the stolen database containing customer information on a hacking forum.
11. The threat actor also claims to have stolen IP connection logs in addition to the customer data.
12. Independent confirmation of the sold data belonging to Shadow customers is not yet available.
