French gaming platform Shadow reports data breach of customer data

Shadow, a French tech firm known for its cloud-based gaming service, has confiemed a security breach that exposed user data. The company, headquartered in Paris, communicated to its users via email, acknowledging that cybercriminals managed to access their personal information through a sophisticated social engineering attack aimed at one of their employees.

Shadow explained in the email that the initial phase of this intricate cyber-attack took place on Discord, where malware was downloaded disguised as a game on the Steam platform. This malicious software was sent by someone known to the Shadow employee, who was also a victim of a similar assault.

Although Shadow's cybersecurity team responded promptly, the perpetrators managed to access the control interface of one of the firm's Software-as-a-Service (SaaS) providers.

This breach led to the exposure of personal details such as

• users' full names,
• email IDs,
• birth dates,
• residential addresses,
• credit card expiration dates.

Fortunately, passwords and other crucial banking information remained untouched.

Subsequent to the breach, an individual appeared on a hacking forum claiming to be responsible for the Shadow intrusion. They asserted possession of a database containing details of over 530,000 Shadow users and expressed intentions to sell it.

Thomas Beaufils, a representative from Shadow, verified the email's authenticity sent to users about the incident. While Shadow didn't explicitly name the compromised SaaS provider, they did not refute the hacker's assertions.