Shadow said in a statement that it was the victim of a computer hack. Despite measures taken very quickly, private user data may have been stolen.
Apparently Shadow’s sense of rhythm is poor: while the cloud computing service launched a new offer for 9.99 euros per month, it fell victim to a hacker attack. All customers of the service received an email on October 11th informing them of this hack.
How Shadow Got Hacked: Story of a Social Engineering Hack
The story takes place in late September with a Shadow employee. One of his “acquaintances” contacted him on Discord to send him a link to a game that was apparently released on Steam. The employee then downloads the game, which turns out to be malware. This “knowledge” was not malicious, but the user of her account was: precisely because she herself was the victim of the attack. His hacked account was able to spread the malware to his contacts, including this person who works at Shadow. We don’t know if this is a game that was actually released on Steam or a game that was downloaded from a website that looks exactly like Steam. A hacking method reminiscent of the method used against certain influencers: it happened in April 2022 on YouTuber Michou and recently this summer on streamer Xari. Every time a video game you can install on your computer “recommended” by a loved one who was themselves a pirated version.
Shadow Teams // Source: Shadow
In the press release issued by Shadow, CEO Eric Sèle says that the company’s security team “took immediate action.” » Nevertheless, the hackers exploited the cookies stolen from the employee’s computer to connect to the management software of one of the Shadow suppliers. The hacker was then able to exploit that provider’s API to request access to certain private information of Shadow’s customers. Eric Sèle then explained that he had “strengthened the security protocols we apply across all of our SaaS providers.” Finally, we will update our internal systems to neutralize compromised workplaces. »
I am a shadow customer. What do I have to do to avoid being hacked?
This leaked information includes:
- Surname ;
- First name ;
- email address ;
- Birth date ;
- Billing address ;
- Bank card expiration date.
Shadow insists that no passwords or other banking details were leaked. However, if you are a customer of the Service, we recommend that you change your password as a precaution and check that the current one is not used on other websites. If you have other email addresses, it may also be interesting to change the address associated with the Shadow account.
“Forza Horizon 5” on the PC, in the browser // Source: Shadow
The press release, which will be emailed to all customers, asks them to be particularly vigilant about the emails they may receive. In fact, they could curb phishing attempts by asking you for sensitive information (passwords, bank card codes, etc.). Another solution: Use multi-factor authentication on your Shadow account.