{"id":23153,"date":"2023-10-17T11:10:25","date_gmt":"2023-10-17T19:10:25","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2023\/10\/17\/news-16883\/"},"modified":"2023-10-17T11:10:25","modified_gmt":"2023-10-17T19:10:25","slug":"news-16883","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/10\/17\/news-16883\/","title":{"rendered":"Customer data stolen from gaming cloud host Shadow"},"content":{"rendered":"<p>Cloud infrastructure provider Shadow has warned&nbsp;of the data theft of over 500,000 customers. The customers were informed by a breach notification which&nbsp;was <a href=\"https:\/\/www.reddit.com\/r\/ShadowPC\/comments\/175jz4o\/dataleak_my_creditcard_data_was_stolen\/\" target=\"_blank\" rel=\"nofollow\">posted online<\/a>.<\/p>\n<p>Cloud is known in the gaming world and, among other things, allows gamers to play resource heavy games on lower-end devices,<\/p>\n<p>The stolen data includes full customer names, email addresses, dates of birth, billing addresses, and credit card expiration dates. According to Shadow, no passwords or sensitive banking data have been compromised.<\/p>\n<p>Shadow says the incident happened&nbsp;at the end of September, and was the result of a social engineering attack on a Shadow employee. The attack began on the Discord platform after the employee downloaded malware&nbsp;he believed to be a game on the&nbsp;Steam platform.<\/p>\n<p>Shadow says that despite swift countermeasures, the attackers were able to use one or more of the cookies they had stolen in order to connect to the management interface of one of Shadow&rsquo;s SaaS providers. From there the attackers were able to steal the data from Shadow by using their Application Programming Interface (API) access.<\/p>\n<p>According to <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/shadow-pc-warns-of-data-breach-as-hacker-tries-to-sell-gamers-info\/\" target=\"_blank\" rel=\"nofollow\">BleepingComputer<\/a>, a cybercriminal claiming responsibility for the attack is selling the stolen database on a well-known hacking forum.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/10\/easset_upload_file63396_284095_e.png\" alt=\"message on hacking board offering data for sale\" width=\"700\" style=\"display: block; margin-left: auto; margin-right: auto;\" \/><\/p>\n<p style=\"text-align: center;\"><em>image courtesy of BleepingComputer<\/em><\/p>\n<p>In the message, the cybercriminal says IP connection logs were also stolen in the breach in addition to the other data mentioned by Shadow.<\/p>\n<p>It is unclear, although likely, whether Shadow has reached out to everyone involved. Shadow recommends that users&nbsp;<a href=\"https:\/\/shdw.me\/HC-B2C-2FA\" target=\"_blank\" rel=\"nofollow\">set up multi-factor authentication (MFA)<\/a>&nbsp;on their accounts, and watch out for any emails that appear to come from Shadow, as they could be phishing attempts.<\/p>\n<p>The company is also telling users to&nbsp;<a href=\"https:\/\/shdw.me\/HC-B2C-Support_Form\" target=\"_blank\" rel=\"nofollow\">contact customer service<\/a>&nbsp;with any questions or concerns.<\/p>\n<h2>Data breach<\/h2>\n<p>There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.<\/p>\n<ul>\n<li>Check the vendor&#8217;s advice. Every breach is different, so check with the vendor to find out what&#8217;s happened, and follow any specific advice they offer.<\/li>\n<li>Change your password. You can make a stolen password useless to thieves by changing it. Choose a&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/computer\/how-to-create-a-strong-password\" target=\"_blank\">strong password<\/a>&nbsp;that you don&#8217;t use for anything else. Better yet, let a&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/what-is-password-manager\" target=\"_blank\">password manager<\/a>&nbsp;choose one for you.<\/li>\n<li>Enable&nbsp;multi-factor authentication (MFA). This is good advice from Shadow, and something we always advise. If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\" target=\"_blank\">multi-factor authentication<\/a>&nbsp;can be phished just as easily as a password. MFA that relies on a FIDO2 device can&rsquo;t be phished.<\/li>\n<li>Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.<\/li>\n<li>Take your time. As Shadow warns, phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.<\/li>\n<\/ul>\n<hr \/>\n<p><strong>We don&rsquo;t just report on threats&mdash;we remove them<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by <a href=\"https:\/\/www.malwarebytes.com\/for-home\">downloading Malwarebytes today<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/10\/customer-data-stolen-from-gaming-cloud-host-shadow\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<table cellpadding=\"10\">\n<tr>\n<td valign=\"top\" align=\"left\">\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/news\" rel=\"category tag\">News<\/a><\/p>\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/personal\" rel=\"category tag\">Personal<\/a><\/p>\n<p>Tags: Shadow PC<\/p>\n<p>Tags:  data breach<\/p>\n<p>Tags:  <\/p>\n<p>Cloud service provider Shadow has notified customers about a data breach affecting over 500,000 users.<\/p>\n<table width=\"100%\">\n<tr>\n<td align=\"right\">\n<p><b>(<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/10\/customer-data-stolen-from-gaming-cloud-host-shadow\" title=\"Customer data stolen from gaming cloud host Shadow\">Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/10\/customer-data-stolen-from-gaming-cloud-host-shadow\">Customer data stolen from gaming cloud host Shadow<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[11172,32,26699,30331],"class_list":["post-23153","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-data-breach","tag-news","tag-personal","tag-shadow-pc"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23153","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=23153"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23153\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=23153"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=23153"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=23153"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}