TechCrunch reports that French cloud gaming startup Shadow had its customers' personal data compromised in a data breach stemming from a social engineering attack against an employee last month.
"This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of our employee, himself a victim of the same attack," said Shadow CEO Eric Sele.
Infiltration of Shadow's software-as-a-service provider's management interface enabled attackers to exfiltrate customers' full names, birthdates, billing and email addresses, and credit card expiry dates, but no banking data or passwords were impacted, according to Shadow.
More than 530,000 individuals' personal data were claimed to have been compromised in the attack by a threat actor selling the stolen Shadow database. Such claims were not disputed by Shadow spokesperson Thomas Beaufils, who did not detail the affected SaaS provider nor the number of individuals impacted by the incident.