Cloud PC service Shadow was hacked recently. We take stock of the data that is wandering around in nature and how to avoid such disappointments next time.
While Shadow has just launched a brand new subscription plan at 9.99 euros per month, the company announced a few days after having customer data stolen. Don’t panic too much though, your bank account is probably safe and sound.
1
Shadow
7.8
€29.99
What data is affected?
In an e-mail sent to all its customers, the company explains that it “ been the victim of a social engineering attack targeting one of our employees » at the end of September. This attack, carried out on Discord with a corrupted Steam download code, allowed the malicious hacker to get their hands on a whole bunch of personal data, even if the platform took care to specify that “ no passwords or sensitive banking data have been compromised “.
In terms of data affected by hacking, we therefore find:
- Name, first name and date of birth;
- The email address;
- The billing address;
- The expiration date of the bank card.
None of this information can be immediately used to hack your bank account, but this data can be useful in phishing campaigns, or in trying to guess your password on online services (in case your code is your date of birth for example, which is a very bad idea). A fraudulent email campaign may also be more convincing if it contains personal information that is supposed to be private.
How to protect yourself as much as possible?
As usual in these cases, the most important thing is to first pay close attention to the emails you receive and follow the advice we give you here. Do not click on all the links in your mailbox, check that the senders display a legitimate address, that the sites you visit do not have a strange URL… In short, be wary in your relationship to digital hygiene.
Then you can take more systemic measures. As Shadow explains, if you haven’t always done so, it’s a good idea to enable two-factor authentication on web services that offer this option (including on your Shadow account). This will complicate the work of hackers trying to steal your data, since they will need, in addition to your identifiers, a security key (that only you have) to access your accounts.
Finally, if you want to go even further, you can take steps to avoid being tracked directly to your inbox. Email aliases allow you to hide your real email address by creating a single-use address, specific to a site. This will then redirect emails to your main mailbox, but never revealing your real identifier. If you receive suspicious emails from this alias, then you will know that it is probably phishing.
These tips will not allow you to protect yourself from 100% attacks, because no computer system is inviolable. But by putting as many obstacles as possible in the way of pirates who are a little too curious, you will surely discourage a good number of them.
Source: Shadow press release
A journalist for almost 10 years, I have been in the tech and digital sector since my very first jobs. Tinkerer (a lot), librarian (a little), I have developed a specialization on the themes of ecology and digital technology as well as the protection of private life. On weekends I torture Raspberry Pis with lots of 'sudo' commands to relax.
Read other articles
8