Data breach at Shadow potentially more severe than initially thought

TechCrunch reports that French cloud gaming service Shadow may have downplayed the data breach it confirmed to have stemmed from an "advanced social engineering attack," which CEO Eric Sele said resulted in the compromise of customers' full names, birthdates, billing and email addresses, and credit card expiry dates. Over 530,000 customers had their data claimed to be stolen by the hacker behind the intrusion, with a sample of exfiltrated data with 10,000 records verified by TechCrunch found to contain numerous customer billing addresses corresponding to private home addresses and private API keys, as well as subscription status and other non-personal customer account details. Moreover, attackers may have compromised Shadow on or after Sept. 28, as indicated by the date of the most recently stolen record. No further comments were provided by Shadow spokesperson regarding the new findings, which come amid Valve's implementation of two-factor authentication check following malware compromise of its game developers' accounts. Whether the attacks on Shadow and Valve are related is still uncertain.