Cloud gaming service Shadow PC recently experienced a security incident involving one of its service providers. The incident, which occurred at the end of September, was the result of a social engineering attack that began on Discord. An employee of Shadow PC was targeted, leading to the download of malware.
Despite immediate action from Shadow’s security team, the attacker managed to exploit a stolen cookie to access the management interface. This allowed the attacker to extract certain private information about Shadow users, including their first and last names, email addresses, dates of birth, billing addresses, and credit card expiry dates. Importantly, Shadow PC has clarified that no passwords or sensitive banking data were compromised in the incident.
In response to the incident, Shadow PC has taken steps to secure its systems and has reinforced the security protocols. The company is also upgrading its internal systems to render compromised workstations harmless.
Shadow PC advises its users to be vigilant about potential phishing attempts in the wake of the incident. The company also recommends that users protect their accounts by setting up multi-factor authentication. Instructions for setting up MFA on Shadow PC accounts can be found on the company’s website.
Shadow PC has apologized for the incident and assured its users that it is doing everything possible to ensure the security of their data. Users with questions or concerns are encouraged to contact Shadow PC’s customer service department.
As always, remember to follow us on our social media (e.g., Threads, X (Twitter), YouTube and Facebook) to keep up with the latest news.