Shadow PC Suffers Breach After Hacker Baits Employee With Malicious Game
Cloud gaming provider Shadow PC has suffered a data breach after a company employee accidentally downloaded malware to play a game.
On Wednesday, the company sent out an email, notifying customers about the breach, which allowed the hacker to steal user information, including email addresses, dates of birth and billing addresses.
In the email, Shadow’s CEO Eric Sèle says the breach occurred last month after a “social engineering attack” targeted a company employee.
“This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of our employee, himself a victim of the same attack,” Shadow’s CEO wrote.
The statement is thin on details, including what strain of malware was used. But it sounds like the malware was circulated over Discord, a chat platform popular among gamers. The employee downloaded the malware, thinking it was related to a game on Steam, but it actually gave the hacker a way to remotely access their computer.
The hijacking then helped the attacker access a cloud provider for Shadow, which led to the theft of customer information. “The information concerned is your first and last name, e-mail address, date of birth, billing address and credit card expiry date,” Shadow’s CEO added.
The good news is that no passwords or sensitive banking information from customers was looted in the attack. However, it appears the hacker has begun trying to sell the stolen information. BleepingComputer noted that a user in a popular hacking forum claims to have access to data on 533,624 users at Shadow.
“After an attempt at amicable settlement, which they (Shadow) deliberately ignored, I decided to put the database
Read more on pcmag.com
