Shadow Hit by Data Breach
French tech firm, Shadow, recently acknowledged a data breach that exposed customers' personal details. The Paris-based company, renowned for its cloud-powered gaming service, notified its customers via email of the security lapse that came as a result of a successful social engineering attack on the company.
Shadow's CEO, Eric Sèle, detailed in the email how the sophisticated assault initiated on Discord, where malware was downloaded while camouflaged as a game on Steam. The unsuspecting employee, tricked by someone they knew, became an inadvertent gateway for the hackers.
In spite of the prompt intervention by the company’s security professionals, cyber attackers managed to access the administrative dashboard of one of Shadow's SaaS providers, thereby getting hold of customer data. The compromised data spans full names, email addresses, birth dates, billing details, and credit card expiration dates. The silver lining? No passwords or crucial banking information was affected.
However, things took a turn when an individual claimed responsibility for the breach on a hacker forum. They alleged possession of personal data belonging to over 530,000 Shadow users, which they are putting up for sale. They justified their actions by accusing the company of ignoring them.
Thomas Beaufils, a spokesperson for Shadow, vouched for the authenticity of the company's email but refrained from providing further details. When pressed, the company did not disclose the identity of the affected SaaS provider or confirm the number of affected customers. However, they didn't contradict the hacker's assertion.
To further safeguard user data, Shadow asserted they have fortified their security measures with service providers and enhanced their internal systems. They are currently urging users to be cautious of dubious emails and are advocating for multi-factor authentication setup on accounts.
Loading Comments ...
Comments
No comments have been added for this post.
You must be logged in to make a comment.