Shadow, the French cloud gaming company that allows subscribers to run games via high-powered PCs over the internet, has emailed customers to warn them that it has suffered a security breach in which customer data was stolen. While Shadow hasn't confirmed how many people were affected, it's thought that around 530,000 users have had their information stolen.
In an email sent to customers and reported on by TechCrunch, Shadow said that it was the victim of a social engineering attack that targeted one of its employees at the end of September 2023. The attack apparently began on Discord and then resulted in the employee downloading a game on Steam at the suggestion of a third party. That third party was also a victim of the attack.
The data itself was collected after the attacker was able to gain access to an as-yet-unnamed software-as-a-service (SaaS) provider.
TechCrunch reports that an individual on a popular hacking forum has already claimed responsibility for the attack, saying that they are now willing to sell the data after being ignored by Shadow. The post says that the data covers more than 530,000 people.
As for Shadow, it hasn't confirmed how many people are impacted nor exactly which service the attacker was able to access. They did say which types of data were stolen, however, with full names, email addresses, dates of birth, billing addresses, and credit card expiry dates all swiped. Shadow does say that there were no passwords or sensitive banking data taken during the attack, however.
Shadow also warned customers to be on the lookout for any suspicious emails and to set up multi-factor authentication on their accounts.