October 13, 2023 at 03:05PM
French cloud service Shadow has confirmed that criminals stole a database containing customer data in a social-engineering attack against one of its employees. The stolen data includes personal information such as names, email addresses, dates of birth, billing addresses, and credit card expiration dates. The company reassured customers that no passwords or sensitive banking data were compromised. Shadow has taken immediate steps to reinforce security protocols and apologizes for any inconvenience caused.
From the meeting notes, here are the key takeaways:
– Shadow, a cloud service for Windows PC gaming and other tasks, experienced a security breach where a database containing customer data was stolen.
– The breach was a result of a social-engineering attack on one of Shadow’s employees.
– It is currently unknown how many people’s personal information was accessed in the leak.
– A cybercriminal claimed to have the stolen details of 533,624 customers and put the database up for sale on a cybercrime forum.
– Shadow has confirmed the legitimacy of an email sent to customers notifying them of the information theft.
– The stolen data includes customers’ full names, email addresses, dates of birth, billing addresses, and credit card expiration dates. No passwords or sensitive banking data were compromised.
– The attack took place in late September and involved the downloading of malware disguised as a game on the Steam platform.
– The attacker was able to connect to the management interface of one of Shadow’s SaaS providers using a stolen cookie.
– Shadow has taken immediate steps to enhance security and protect customer data.
– CEO Eric Sele apologized to customers for the inconvenience caused by the incident.
– A cybercriminal listed the stolen database for sale and claimed Shadow ignored their attempt at an “amicable settlement.”
Please let me know if you require any further information or if there’s anything specific you would like me to address.