In a concerning development, Shadow PC, a prominent cloud gaming and high-end cloud computing service provider, has issued a warning to its users regarding a significant data breach. The breach has reportedly exposed sensitive information belonging to over 500,000 customers, following a successful social engineering attack targeting the company's employees.
Shadow PC offers users the ability to stream high-end Windows PCs to a variety of devices, including PCs, laptops, smartphones, tablets, and smart TVs. This enables users to run demanding AAA games on virtual computers.
The breach, described as a highly sophisticated social engineering attack, began on the Discord platform with the download of malware concealed within a game on Steam. The malware was an information stealer, which allowed the attackers to steal an authentication cookie. With the stolen cookie, the hackers were able to access the management interface of one of the company's software-as-a-service (SaaS) providers.
The stolen data includes customers' full names, email addresses, dates of birth, billing addresses, and credit card expiration dates. However, Shadow clarified that this incident did not compromise account passwords or more sensitive payment and banking information.
In response to the breach, Shadow has taken swift action, revoking the stolen authentication cookie and blocking the attacker's access to its systems. Additional security measures have been implemented to prevent future incidents.
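As an added example (not from Shadow or the original article), the sketch below shows one way a SaaS console could flag a replayed authentication cookie like the one described above: it binds each session to the network and user agent that first used it and lists the sessions to revoke when either changes. The log format, session names and the /24 tolerance are assumptions, and the log lines are constructed.

```python
import ipaddress
import shlex

# Constructed sample log for a hypothetical SaaS admin console.
# Fields: ISO time, session id, client IP, quoted user agent, request path.
SAMPLE_LOG = """\
2024-01-15T09:00:02Z sess-a1 198.51.100.23 "Mozilla/5.0 (Windows NT 10.0) Chrome/116" /admin/login
2024-01-15T09:05:40Z sess-a1 198.51.100.77 "Mozilla/5.0 (Windows NT 10.0) Chrome/116" /admin/users
2024-01-15T09:07:11Z sess-b2 192.0.2.10 "Mozilla/5.0 (Macintosh) Safari/16" /admin/login
2024-01-15T11:30:00Z sess-a1 203.0.113.5 "python-requests/2.31" /admin/export?table=customers
2024-01-15T11:30:09Z sess-a1 203.0.113.5 "python-requests/2.31" /admin/export?table=billing
"""

def _net(ip, prefix=24):
    # Assumption: tolerate address changes inside the same IPv4 /24 (DHCP, NAT pools).
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def find_replayed_sessions(log_text):
    """Return one finding per request whose session differs from its first-seen binding."""
    bound = {}      # session id -> (network, user agent) recorded at first use
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        time, session, ip, agent, path = shlex.split(line)
        net = _net(ip)
        if session not in bound:
            bound[session] = (net, agent)
            continue
        first_net, first_agent = bound[session]
        reasons = []
        if net != first_net:
            reasons.append(f"network {first_net} -> {net}")
        if agent != first_agent:
            reasons.append("user agent changed")
        if reasons:
            findings.append({"session": session, "time": time,
                             "path": path, "reason": "; ".join(reasons)})
    return findings

def sessions_to_revoke(log_text):
    # Deduplicated list of session ids that should be invalidated server-side.
    return sorted({f["session"] for f in find_replayed_sessions(log_text)})

if __name__ == "__main__":
    for finding in find_replayed_sessions(SAMPLE_LOG):
        print(finding)
    print("revoke:", sessions_to_revoke(SAMPLE_LOG))
```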
While Shadow has assured affected customers that the compromised service provider did not have access to further user data, it has urged those impacted to remain vigilant against phishing and scam attempts and to enable multi-factor authentication (MFA) on their accounts.
Despite limited information on the incident, a threat actor has claimed responsibility for the breach and is purportedly selling the stolen database on a well-known hacking forum. The actor asserts that they gained access to the database in September and were able to exfiltrate data for 533,624 users.
Shadow PC has not issued official statements on its website or social media channels regarding the incident. However, they are actively engaged in addressing the situation and providing support to affected users.
“Generative AI has elevated the game for threat actors looking to conduct social engineering attacks. The technology enables adversaries to develop extremely convincing phishing emails so that even the most security-aware employee may be fooled,” said Steve Povolny, Director of Security Research, Exabeam. “Because the CEO of Shadow confirmed that the company was targeted in a ‘very sophisticated’ social engineering attack, it’s very possible that the malicious actors used generative AI in some capacity.
One of the best defenses against AI-powered social engineering attacks is knowledge. Teach employees the signs of suspicious emails, encourage them to call and verify requests, and conduct internal phishing simulations to model attacks. In addition, use solutions that can identify any anomalous behavior on a network if an employee makes a mistake and accidentally clicks on a malicious link,” said Povolny.
As more details emerge, users are advised to exercise caution and stay updated on developments related to this data breach.