CATEGORIES
home News

Cloud Gaming Service Discloses Data Breach Affecting Over Half A Million Gamers

by Nathan OrdFriday, October 13, 2023, 12:30 PM EDT
shadow cloud computing company suffers security breach leaking customer data 2
Cloud gaming has many advantages, such as lowering the barrier to entry to triple-A titles that require beefier and beefier hardware these days. However, one downside to this ecosystem is that there is a vast centralized dataset that could make for a rather juicy target for hackers. This is exactly what ShadowPC, a high-end cloud computing company, found recently after discovering a breach purportedly affecting 533,624 users of the service.

Over on the ShadowPC subreddit a couple of days ago, users were posting notices they had received explaining that Shadow had suffered a breach and customer data was compromised. The notes explain that at the end of September, an employee was the victim of a phishing campaign through Discord, wherein the employee downloaded malware that was fronting as a game on Steam. This malware then compromised the employee’s cookies, which allowed the attacker to connect to the “management interface of one of [Shadow’s] SaaS providers” and “extract, via [Shadow’s] SaaS provider’s API, certain private information.”

letter shadow cloud computing company suffers security breach leaking customer data

After this breach was discovered, Shadow locked down its systems and turned off the cookie to prevent the attack from continuing. Further, the company is reinforcing security protocols and moved to upgrade internal systems to “render compromised workstations harmless.” However, Shadow still recommends that customers who might be affected be vigilant about any emails they receive, as they could be phishing attempts. Further, it is recommended that users implement multi-factor authentication (MFA) to help protect themselves, especially on their Shadow accounts.

breached shadow cloud computing company suffers security breach leaking customer data

Curiously, this all lines up with a post to BreachForums from a user who claims to have gained access to the database of Shadow customers. They note in their post that there are 533,624 customer records which may be associated with birthdates, addresses, full name, end of credit card, expiration date, IP connection information, and more. It is still being determined whether this bundle is legitimate, but given the timing, we are inclined to think there is some stolen data there.

In any event, this is a good opportunity to remind people that having good cybersecurity hygiene also involves the end user, as humans are nearly always the weakest link. You never know if a link sent by a friend is legitimate, because that person could be compromised themselves, as was the case in the Shadow incident. Thus, always "trust but verify" links and files, as it only takes one bad click for you to fall victim.
Tags:  Gaming, security, Cloud, cybersecurity
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment