TechCrunch reports that French cloud gaming service Shadow may have downplayed the data breach it confirmed to have stemmed from an "advanced social engineering attack," which CEO Eric Sele said resulted in the compromise of customers' full names, birthdates, billing and email addresses, and credit card expiry dates.
Over 530,000 customers had their data claimed to be stolen by the hacker behind the intrusion, with a sample of exfiltrated data with 10,000 records verified by TechCrunch found to contain numerous customer billing addresses corresponding to private home addresses and private API keys, as well as subscription status and other non-personal customer account details.
Moreover, attackers may have compromised Shadow on or after Sept. 28, as indicated by the date of the most recently stolen record.
No further comments were provided by Shadow spokesperson regarding the new findings, which come amid Valve's implementation of two-factor authentication check following malware compromise of its game developers' accounts. Whether the attacks on Shadow and Valve are related is still uncertain.
CNN reports that Avast has been imposed a $16.5 million fine by the Federal Trade Commission for misleading customers with claims of protecting their browsing data but proceeding to gather and sell such data without prior consent.
Cybernews reports that several documents leaked on GitHub have revealed the Chinese government's utilization of spyware developed by homegrown information security firm I-Soon in its offensive cyber operations.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news