Shadow PC Raises Alarm Over Data Breach as Hacker Attempts to Auction Gamers’ Information
Shadow PC, a cloud-based gaming service, has issued a warning regarding a potential data breach. A hacker is attempting to sell players’ information, including usernames, passwords, and email addresses. This incident highlights the importance of robust cybersecurity measures within the gaming industry. Shadow PC advises its users to change their passwords and enable two-factor authentication to safeguard their accounts.
Shadow PC Warns Customers of Data Breach
A provider of high-end cloud computing services, Shadow PC, is alerting its customers about a recent data breach that has exposed their private information. This comes after a threat actor claimed to be selling the stolen data of over 500,000 customers.
What is Shadow PC?
Shadow PC is a cloud gaming service that allows users to stream high-end Windows PCs to their local devices such as PCs, laptops, smartphones, tablets, and smart TVs. This enables users to play demanding AAA games on a virtual computer.
Details of the Data Breach
Multiple Shadow PC customers have reported receiving data breach notifications following a successful social engineering attack on one of the company's employees. According to the notice sent by Shadow PC, the attack began on the Discord platform when an employee downloaded malware disguised as a game on the Steam platform. The malware was suggested to the employee by an acquaintance who was also a victim of the same attack.
The info-stealer malware stole an authentication cookie, which provided access to the management interface of one of Shadow PC's SaaS providers. With this access, the attacker extracted customers' full names, email addresses, dates of birth, billing addresses, and credit card expiration dates.
Actions Taken by Shadow PC
Shadow PC has taken immediate action to address the breach. The stolen authentication cookie has been revoked, blocking the hacker's access to their systems. The company has also implemented additional security measures to prevent similar incidents in the future.
It is important to note that the incident did not expose account passwords or other sensitive payment/banking information. The compromised service provider did not hold any additional user data beyond what is mentioned in the breach notice.
Recommendations for Affected Customers
While Shadow PC has taken steps to mitigate the impact of the breach, affected customers are advised to remain vigilant for phishing and scam attempts. It is also recommended to activate multi-factor authentication (MFA) on all their accounts for added security.
Confirmation of Data Sale on Hacker Forum
A threat actor claiming responsibility for the breach has announced the sale of the stolen database on a well-known hacking forum. The actor states that they gained access to the Shadow PC database at the end of September and obtained data for 533,624 users. The post also mentions the theft of IP connection logs in addition to the already confirmed data.
It is important to note that BleepingComputer has not independently verified whether the data offered for sale indeed belongs to Shadow PC customers.