Here’s how the French cloud gaming specialist Shadow got your data stolen
Cloud gaming specialist Shadow is in turmoil. This company, which allows a complete PC to be streamed remotely on its device – in particular to play video games – has just announced to its customers that it was the victim of a “highly sophisticated” attack by social engineering at the end of September.
As explained by Eric Sèle, the CEO of Shadow in an email sent on Wednesday, October 11, an employee was targeted on the social network Discord by a hacker. Under the guise of reporting to him the download of a game on Steam, this acquaintance actually sent him a link to malicious software, with an unspecified name. It is certainly an infostealer, these software thieves of identifiers and passwords, a relatively classic modus operandi in computer hacking.
Stolen cookie
“Our security team took immediate measures”” explains Eric Sèle. But despite these measures, “the attacker was able to exploit one of the stolen cookies to connect to the management interface of one of our suppliers”. And thus extract, via the API of this provider, private information from customers.
According to Shadow, the banking data as well as the passwords of the customers were not affected by this theft. On the other hand, the first names, last names, e-mail addresses, date of birth, billing address and the expiration date of the bank cards of the customers have leaked. A list to which we should at least add the connection IP addresses, reports a hacker.
The latter, whose nickname is “Depressed”, has put this database up for sale on a black market. “After an attempt to settle out of court, which they deliberately ignored, I decided to put the database up for sale,” he assures, obviously referring to an extortion attempt aimed at Shadow.
Vigilance on phishing
Shadow explains that it has “taken immediate measures to secure our systems and taken all the necessary precautions to avoid future incidents”, strengthening its security protocols and upgrading its internal systems “to make compromised workstations harmless”.
The company also advises its customers to be vigilant about phishing attacks that may target them in the future. She therefore recommends implementing multi-factor authentication for all her accounts, a good practice actually recommended by cybersecurity experts.