Cyber Incident Victim: Shadow PC
Date: Sep 2023
Location: France
Summary
A cloud gaming service provider experienced a data breach after a social engineering attack compromised an employee via malware disguised as a Steam game download on Discord. The attackers stole an authentication cookie, enabling unauthorized access to a SaaS provider's management interface and subsequent extraction of customer information including full names, email addresses, dates of birth, billing addresses, and credit card expiration dates. While account passwords and sensitive payment details remained secure, a threat actor later claimed responsibility and attempted to sell allegedly stolen data covering over 500,000 customers, including unconfirmed IP connection logs. The company revoked compromised credentials, blocked further access, and enhanced security measures to prevent recurrence.
Description
The Shadow PC data breach originated from a social engineering attack targeting an employee, occurring around September 30, 2023. Attackers initiated contact on Discord, luring the employee into downloading malware disguised as a game on the Steam platform. This malware, identified as an information stealer, captured an authentication cookie granting access to one of Shadow's SaaS provider management interfaces. Because the cookie represented an already-authenticated session, it let the attacker bypass the login step entirely; using this access, the attacker called the provider's API to extract customer data including full names, email addresses, dates of birth, billing addresses, and credit card expiration dates. Shadow confirmed the breach did not expose account passwords, full credit card numbers, or banking details. The company revoked the stolen authentication cookie, terminated the attacker's access, and implemented enhanced security measures to prevent recurrence. Impacted customers were notified via breach alerts advising vigilance against phishing and recommending multi-factor authentication activation.

On October 12, 2023, a threat actor claimed responsibility for the breach on a hacking forum, alleging theft of data for 533,624 customers and attempting to sell the database after unsuccessful negotiations with Shadow. The seller asserted the dataset included IP connection logs—a detail not acknowledged in Shadow’s official communications. Shadow reiterated that the compromised SaaS provider held no additional user data beyond the disclosed fields. The company did not publish formal statements on its website or social media channels, though an employee engaged in a Reddit discussion to address limited inquiries. BleepingComputer could not independently verify the legitimacy of the hacker’s claims regarding the database sale or the inclusion of IP logs. Shadow maintained that containment efforts had secured its systems, with no evidence suggesting ongoing unauthorized access or further data exposure following the initial incident.
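The incident turned on a single stolen authentication cookie, which carries the password and MFA checks already performed for the victim. As an added illustration (not code from Shadow or its SaaS provider), the following Python binds each session to the client context it was first seen from and flags later requests that arrive from a different network or browser, the trace a replayed cookie leaves in a management console's access log; the log format, session ids and addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed access log of an admin console: session id, source IP, user agent, path.
# Lines 1-2 are the legitimate operator; line 3 replays the same cookie from another
# network and an automation client, the pattern an infostealer-harvested cookie leaves.
SAMPLE_LOG = [
    "sess=9f3c ip=203.0.113.10 ua=Firefox/118 path=/dashboard",
    "sess=9f3c ip=203.0.113.10 ua=Firefox/118 path=/api/customers?page=1",
    "sess=9f3c ip=198.51.100.77 ua=python-requests/2.31 path=/api/customers/export",
    "sess=7a21 ip=192.0.2.5 ua=Chrome/117 path=/dashboard",
]


@dataclass(frozen=True)
class Binding:
    """Client context a session was first observed from."""
    network: IPv4Network   # /24 of the first request carrying the session id
    user_agent: str


def parse(line: str) -> dict:
    """Parse one constructed 'key=value' log line into a dict."""
    return dict(field.split("=", 1) for field in line.split())


def scan(lines):
    """Bind each session to its first-seen /24 and user agent, then return an
    alert for every later request that breaks either part of the binding."""
    bindings: dict[str, Binding] = {}
    alerts = []
    for line in lines:
        ev = parse(line)
        net = ip_network(f"{ev['ip']}/24", strict=False)
        bound = bindings.get(ev["sess"])
        if bound is None:
            # First sighting: treat it as the login context and remember it.
            bindings[ev["sess"]] = Binding(net, ev["ua"])
            continue
        reasons = []
        if ip_address(ev["ip"]) not in bound.network:
            reasons.append(f"network {bound.network} -> {net}")
        if ev["ua"] != bound.user_agent:
            reasons.append(f"user-agent {bound.user_agent!r} -> {ev['ua']!r}")
        if reasons:
            alerts.append({"session": ev["sess"], "path": ev["path"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

In production the same check belongs in the session-validation path so that a binding break invalidates the token and forces re-authentication rather than only raising an alert.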
