Cloud gaming specialist Shadow is in turmoil. This company, which allows you to remotely stream an entire PC on your device – particularly for playing video games – has just announced to its customers that it was the victim of a “highly sophisticated” social engineering attack at the end of the month of september.
As Eric Sèle, CEO of Shadow, explains in an electronic message sent on Wednesday October 11, an employee was targeted on the social network Discord by a hacker. Under the guise of notifying him of the download of a game on Steam, this acquaintance actually sent him a link to malicious software, with an unspecified name. It is certainly an infostealer, this software that steals identifiers and passwords, a relatively classic method of operation in computer hacking.
Stolen cookie
“Our security team took immediate action,” explains Eric Sèle. But despite these measures, “the attacker was able to exploit one of the stolen cookies to connect to the management interface of one of our suppliers”. And thus extract, via this provider’s API, private customer information.
According to Shadow, banking data and customer passwords were not affected by this theft. On the other hand, the first names, last names, email addresses, date of birth, billing address and the expiration date of the customers’ bank cards were leaked. A list to which at least the connection IP addresses should be added, reports a hacker.
The latter, whose nickname is “Depressed”, put this database up for sale on a black market. “After an attempt at an amicable settlement, which they deliberately ignored, I decided to put the database up for sale,” he assures, visibly referring to an extortion attempt aimed at Shadow.
Vigilance on phishing
Shadow explains that it has “taken immediate measures to secure our systems and taken all necessary precautions to avoid future incidents”, by strengthening its security protocols and upgrading its internal systems “to make workstations harmless compromise”.
The company also advises its customers to be vigilant about phishing attacks that may target them in the future. It therefore recommends implementing multi-factor authentication for all its accounts, a good practice actually recommended by cybersecurity experts.