Shadow PC
| Primary URL | Location | Industry | shadow[.]tech |
Country
France
|
Technology
|
|---|
Profile
Shadow PC, operating also as Shadow Cloud Computing, is a cloud gaming service provider headquartered in France. The company delivers a platform where users can remotely access high-performance virtual desktop environments via a subscription model, enabling them to play graphically intensive PC games on lower-spec local devices. This service functions as a software-as-a-solution offering, abstracting the need for expensive local hardware by hosting powerful computing resources in centralized data centers. Its primary market consists of gamers seeking flexible, on-demand access to high-end gaming rigs without upfront capital investment, serving a customer base that spans multiple international regions. The scale of its operations is evidenced by its reported user count, with the service having over 500,000 customers at the time of a significant 2023 security incident, indicating a substantial footprint within the cloud gaming sector.
The company's operational history includes a notable security incident in late September 2023. Attackers employed a social engineering tactic, compromising an employee through malware disguised as a Steam game download on Discord. This breach yielded an authentication cookie, which provided unauthorized entry into the company's management interface for its SaaS provider. Consequently, the threat actors extracted a dataset containing customer full names, email addresses, dates of birth, billing addresses, and credit card expiration dates. While account passwords and full payment card details were not compromised, the incident resulted in the attempted sale of the stolen data, allegedly covering more than 500,000 users and including unverified IP connection logs. In response, Shadow PC revoked the compromised credentials, blocked the attacker's access, and implemented enhanced security measures to fortify its systems against future attempts. This event underscores the critical importance of robust internal security protocols for cloud service providers handling personally identifiable information.