Data theft at PC cloud platform Shadow
![Image Report examines recent activities of Russian cybercriminals from [Sandworm]](https://incyber.org//wp-content/uploads/2024/04/incyber-news-cybersecurite-cybersecurity-attack-danger-2024-885x690.jpg)
On October 11, 2023, Shadow, the French cloud computing PC specialist, admitted it had suffered a data theft, at the end of September 2023. The scope of the attack remains unknown but cybercriminals are thought to have stolen personal user information. This includes names, first names, email addresses, dates of birth, billing addresses and bankcard expiry dates. Shadow maintains no passwords or sensitive banking details were involved.
According to Eric Sèle, Shadow CEO, the compromise comes from a “very sophisticated” social engineering attack. Cybercriminals first took control of a Discord account belonging to an acquaintance of a company employee, which they used to send the employee a videogame download request on Steam.
The game contained malware that allowed the cybercriminals to retrieve a cookie. Thanks to the latter, they managed to access the management interface of a Shadow service provider. They then used the provider’s API to siphon personal data. Shadow has since deactivated the affected cookie and advises all its users to implement double authentication.