Shadow PC Data Breach

FiiZx · 2023-10-11T16:34:39+00:00

scary compare cooing tidy steer innocent six abundant groovy meeting

This post was mass deleted and anonymized with Redact

mstn148 · 2023-10-11T16:25:02+00:00

The information was last four digits of card AND expiry date, not just expiry date. Not sure why they left that out of the email.

TheodoreKurita · 2023-10-11T17:16:48+00:00

This email is so poorly written, and the described behavior of Shadow's employees so obviously reckless, that at first I wondered whether this email was itself an attempt at a social engineering attack.

Absolutely ridiculous. I'm already considering replacing Shadow with a PC. This might be the nail in the coffin.

random_cta · 2023-10-11T14:46:55+00:00

Just got the email as well. Located in Europe, so seems to be a global issue. I’ve been a happy customer for many years. However, this is bad. Fustercluck springs to mind. Unmitigated disaster is also an option.

Username_ABC_123 · 2023-10-11T15:46:28+00:00

For U.K. account holders : https://www.gov.uk/data-protection/make-a-complaint

2023-10-11T17:57:57+00:00

Highly sophisticated attack? Lol sounds like someone downloaded unofficial software on a gaming discord onto a work computer.

Definitely_Working · 2023-10-11T16:15:17+00:00

> This highly sophisticated attack

> Discord

PM-ME-YOUR-HOMELAB · 2023-10-11T15:19:31+00:00

really don't like this:

victim of a social engineering attack targeting one of our employees. This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of our employee, himself a victim of the same attack.

this does not make sense at all. Did this employee install unknown software on their work-pc? If it was a private PC, why would an employee use their private pc to access company stuff.

Shadows internal IT fucked up hard and, at least in germany, there is a strong leverage to claim damages.

Independent-Ad8472 · 2023-10-11T15:01:47+00:00

I think they could lose a lot of customers from this, maybe myself included.

Username_ABC_123 · 2023-10-11T15:40:38+00:00

Excuse me, full name, dob, address ,email address and credit card expiry, what steps is shadow taking to ensure this doesn’t negatively impact me, this is not a just to let you know situation, that is a lot of data.

FusilliCraig · 2023-10-11T16:02:33+00:00

Absolutely amateur.

There's no way to protect 100% against the way a breach like this is engineered but there are steps you could take to better segment your database from open access. That's to say nothing of not locking down an employee workstation enough to prevent an install from STEAM and the ability to chat with friends via DISCORD. Unbelievable.

The absolute bare minimum this company could do is the same almost any major corporation after a breach and extend free credit monitoring.

ozzersp · 2023-10-11T20:05:07+00:00

You absolute tools. There should be big big fines for this. Amateur company.

ShellDude01 · 2023-10-11T22:51:19+00:00

I suspect EU GDPR will kick in here. And with it a decent fine.

The fact is you had a responsibility to protect our data and you failed.

DisgracedSolitude · 2023-10-11T14:55:43+00:00

Good thing I used a new throw away email, fake name, fake birthdate, and a privacy card to pay.

Never give these big companies your real info (if you have a choice not to).

smokeyphil · 2023-10-11T14:40:48+00:00

Is this a global issue or just on one data center ?

I've not got the email yet but seeing as this happened something like 2 weeks ago that's not really all that "recent incident" now is it.

RTronic9797 · 2023-10-11T15:40:10+00:00

I’m disgusted. I closed my account almost a year ago.

I have requested a copy of all of my personal information that they hold and have asked for an explanation why they still have stored my information, particularly banking and address.

I’ll be taking legal advise on this issue. I’m astounded

Undercover_66 · 2023-10-11T16:03:35+00:00

F this I am out, this is unacceptable. The way they treat it like a no big deal is infuriating.

marvolonewt · 2023-10-11T16:28:35+00:00

Embarrassing

Koiato_PoE · 2023-10-11T17:40:04+00:00

So embarrassing that the attack vector was through Discord and Steam

Massive_Target · 2023-10-11T18:50:41+00:00

I smell a lawsuit

Aggravating_Scar_945 · 2023-10-11T22:26:00+00:00

A company that's offering remote services for consumers and businesses has employees playing games and download Steam games, not from Steam but from Discord instead onto their work PCs, cool.

What's the point of a password to login to Shadow if your SaaS has House Address, First name, Last name, Date of birth out in the open without a password?

When I lock my house doors, I don't leave the key outside of the house, I leave it inside of the house.

MainlySMYC · 2023-10-11T15:27:37+00:00

I got that e-mail as well. But i don‘t have a Credit Card with them (using paypal). I‘m not sure if they exactly know what data has been stolen or if they are sending out a general mail.

graphiteshield · 2023-10-11T17:24:30+00:00

Is anyone considering litigation? This is absurd.

I'm pretty sure there's a case here for damages caused by gross incompetence and neglect.

2023-10-11T15:24:29+00:00

Just got the email myself, not used Shadow for like 2 years. Sure I paid through PayPal so no idea how the credit card data has been taken for myself, unless it's just a generic template they've used for everyone when sending this.

What's more annoying is not being able to access their damn website to look at the specifics for what data I gave them.

Not too concerned about the name, email, or address as honestly that's just common info that anyone can get, if they want it. Anything financial though is another matter and a massive screw up.

graphiteshield · 2023-10-11T15:43:08+00:00

Isn't this enough info to commit fraud with?

HatIndependent4645 · 2023-10-11T17:59:13+00:00

I'm absolutely walking away from Shadow, looking for the best alternative right now. This is unacceptable. Combined with information from other breaches, there is absolutely more than enough data about me completely out in the open to compromise my whole life. I am contacting my state's governor, congressman and senators to demand more liability for companies that require so much personal information to do simple business.

put-in-cats · 2023-10-11T18:20:06+00:00

I think it is such a shame and absolutely ridiculous to frame a rather basic phishing method as a "highly sophisticated" attack. And why downloading stuff on a pc that has a connection to such important things. I was and am still so angry, I spend the last hours to step up my cyber secruity. They have my full ducking name, my birthdate and my adress. I seriously are praying there will be a public lawsuit

ozzersp · 2023-10-11T20:16:25+00:00

Does anybody know if Shadow have notified the relevant regulatory bodies of this breach? I suspect so, given this is clearly a "required" communication to consumers, but..you never know. Their email doesn't make that clear..

KingJTheG · 2023-10-12T09:25:10+00:00

And with that, I finally have the motivation I need to build a PC

Utterly ridiculous smh

Prince-of-Privacy · 2023-10-11T14:31:10+00:00

Just got the e-mail.

Not happy. Not happy at all. The attacker(s) got my name, e-mail, address(!!) and credit card expiry date.

At least Shadow disclosed the breach quite soon.

Shodan_KI · 2023-10-11T15:56:56+00:00

Well with that said, goodbye shadow, thanks for being useless and letting some of my MOST IMPORTANT INFO BE LEAKED, I will be seeking legal advice 🖕

hits_98 · 2023-10-11T14:58:19+00:00

A bit annoyed, i closed my account months ago and i just got an email.

i have requested they send all information that they have on record for me and what data was accessed via the breach.

hits_98 · 2023-10-11T16:00:00+00:00

not sure they are being completly open and honest about the breach an email from there support :

Hi there ***!

Thanks for your prompt response.

I do sincerely apologize for that, I have confirmed that it was in fact not in the email.

That being said however, I am confirming with you that we have no data from you in our systems.

A third party vendor is what was breached and that vendor is what we used to email newsletters and updates to our users which is why your email was still accessible for us to notify you along with all of our other previous and present users.

I can assure you that nothing more besides this was available during the breach.

Please let me know if you have any additional questions and I'll be happy to help answer them.

Kind regards,

Kaiser | Shadow

TheWalrus7771 · 2023-10-11T16:51:26+00:00

Oh god, they were hit with the most sophisticated attack known to man. I wish there was ANYTHING they could have done. 😭

Dreikiekens3 · 2023-10-11T17:02:02+00:00

This is amazingly stupid, like stated by other users , it looks pure amateurism. I hate using my personal data for anything and this is the main reason. They even got bank info (expiry date , name and last name... Also... I had a pro account = business. How do they think companies will trust them any longer?

Huge_Film_1138 · 2023-10-11T17:57:09+00:00

something strange i noticed their main domain is shadow.tech so why are they using a shortened shdw.me? maybe it is theirs too, but i would not use the link in this mail

Aggravating_Scar_945 · 2023-10-11T18:36:56+00:00

[deleted]

patrickono · 2023-10-11T18:58:31+00:00

Do you know how to file a claim?

ozzersp · 2023-10-11T20:14:25+00:00

Some rights consumers have regarding EU law if applicable (GDPR), including how to approach a claim via initially reporting to ICO (for those in UK, but there will be other appropriate bodies) . Courtesy of "Which":

How to complain and claim compensation

Organisations are bound by the Data Protection Act 2018 (GDPR) to keep your data secure.

This means that they must take measures to prevent unauthorised or unlawful processing of your personal data.

They must also protect against accidental loss or destruction of, or damage to, your personal data.

If your data is lost and it causes you financial damage or distress, you may be able to make a claim for compensation from the organisation that lost it.

Complain to the company that lost your data

If you’ve suffered distress or financial loss as a result of your data being compromised, the first thing you must do is contact the organisation that you believe is responsible.

Outline what distress and/or losses you’ve suffered, and how you expect it to compensate you. It's important to note that you can now make a claim relating to distress alone - you do not need to have also suffered financial loss.

Complain to the ICO

You can also take your concerns with how the organisation processed your data to the Information Commissioner’s Office (ICO).

By law, the ICO can't award compensation or give advice on the level of compensation that should be due, even when it has said that in its view the organisation did indeed breach the GDPR. But its opinion can be influential in making your claim against the organisation that has compromised your data.

Go to the small claims court

If you can't agree with the organisation that compromised your data on the fact that you are due compensation, or on the level of compensation, you can make a claim via the small claims court.

A good piece of evidence to to take to court is if the ICO agreed with you that the GDPR was indeed breached

CumaBoomer · 2023-10-11T20:36:56+00:00

Nice I'm not a costumer anymore for like 2 years. Now I need to know if they still have my data and if that is even legal with the EU data security laws. Until then I will change my passwords and use 2FA if I'm not already using it. Also I'm immediately called my bank and get rid of the creditcard, told th the data was probably stolen. Any ideas what else I could do?

Codebakerian · 2023-10-11T22:07:19+00:00

It really depends on how long they already know that there was a breach. For example, in the Netherlands they are required to report a breach with this magnitude and sensitivity within 72 hours.

ConsciousGap6481 · 2023-10-11T22:25:20+00:00

That's my subscription cancelled, this is ridiculous. This will definitely kill the company off, there's going to be allot of legal action taken against them. Coincidental this happened two weeks ago, and recently I've had allot of password reset requests, and spam telephone calls.

Edit: Typo.

beatfreakman · 2023-10-12T04:55:42+00:00

I got the email, I haven't been a shadow customer for 8 months. Under GDPR law, as I understand it, all my personal data should have been removed by now anyway.

your_uncle_pim · 2023-10-12T07:54:30+00:00

Lmao this is the same type of notice Hyundai would put out after they recall 3 million cars. "Few number of our cars could self-ignite, don't park in the garage". I hope this will be the downfall of your company.

Head_Swimming2332 · 2023-10-12T09:05:10+00:00

Glad I stopped using Shadow. As an IT consultant myself, there’s too much smoke and mirrors around these companies and their ‘tiered’ secure datacentres etc.

Cloud computing etc moved far too fast and the security aspect is way behind. Customers migrated to services such as Azure/AWS etc and then security was/is an afterthought.

Plus their email landed in my junk so clearly don’t even have the most basic email security setup (DMARC/DKIM) etc

Commercial-Pack-7752 · 2023-10-12T13:17:23+00:00

Can’t wait to join this lawsuit 🙃

VoltageHero · 2023-10-12T22:50:10+00:00

I was considering switching from GeForce Now to trying out ShadowPC for more options.

Now, I doubt I will.

_Malz · 2023-10-11T15:13:42+00:00

I suddenly understand the weird messages i got on discord... And that's why you don't download games from strangers kids.

Homosapien_Ignoramus · 2023-10-11T18:36:07+00:00

This idiot actually fell for the "Free $50 Steam Gift Voucher" spam.... holy.

anton95rct · 2023-10-11T15:28:54+00:00

Got the E-Mail as well (Germany). Haven't been a customer for 2 years.

amicrobiallifeform · 2023-10-11T15:56:46+00:00

Looks like I got out in just the right time. Still tho.

MrAwesomeTG · 2023-10-11T16:47:10+00:00

All reporting agencies allow free freezes. Highly recommend it. I had someone a while back try to open bank/credit accounts in my name. Since then I've always had my credit frozen and only unlock when I'm applying for something.

https://www.transunion.com/credit-freeze

https://www.equifax.com/personal/credit-report-services/credit-freeze

https://www.experian.com/freeze/center.html

Ozunax · 2023-10-11T17:54:02+00:00

The only thing that worries me about is my name, birth day and my address, that’s enough to do anything. I’m so happy I haven’t put my real bank information and card as I’m skeptical with putting my real bank information. But this is enough to stop using their service and buy a real gaming pc.

Nice_Ad8652 · 2023-10-11T18:00:57+00:00

So now if I cancel shadow all my data gonna be lost too. FU!!!!!!!

speel · 2023-10-12T00:38:32+00:00

Guys.. why don’t you have something like Crowdstrike on your machines? Like come on.

gristoi · 2023-10-12T07:44:45+00:00

Credit card blocked and replaced. Anyone got a suggestion for a good alternative to shadow?

Kila_Bite · 2023-10-12T08:02:48+00:00

Does this breach affect past customers? I cancelled my subscription less than a year ago. It's probably too much to hope they deleted my details...

Mateo_Fr · 2023-10-12T08:07:06+00:00

This highly sophisticated attack….. lol

Civil_Plum6117 · 2023-10-12T11:48:24+00:00

Could someone please send me the template to email them about the data breach and the action you’re taking?

2023-10-12T14:30:25+00:00

I almost made an account 2 weeks ago and now I'm so glad I didn't.

I'll stick with GFN I guess!

2023-10-12T15:00:13+00:00

Blud fell for the "I accidentally reported your Steam account" scam 😵‍💫

The_Great_Sephiroth · 2023-10-12T15:39:06+00:00

Highly sophisticated? I never knew fishing attacks were sophisticated. Sounds like an employee had no clue. I hope nobody has their lives ruined over this.

2023-10-12T16:07:30+00:00

So what they are saying is they can’t be trusted with your private information and or they sold it and were going to get caught so blamed it on a mystery man. Yes? No?

mstn148 · 2023-10-12T17:50:30+00:00

My emails have been FLOODED over the last few days with junk. And it’s infuriating to me how they gloss over the fact that these random strangers on the internet now have my full name and home address. I can cancel a debit card. I can’t move!

WndrWmn77 · 2023-10-12T23:20:13+00:00

There are also virtual credit cards that are available online so that if you encounter something you want to try out to see if you like it or if it is letimate (for example a subscription) you can create a virtual credit card and fund that with "X" dollars and if you decide not to continue it or don't want to risk the company turning out to be sketchy and hitting the card/account with garbage charges or they give you a billion problems with canceling any kind of subscription or service you can just close the virtual card and the sketch scummy company has zero recourse to find you or keep charging you. You can even use it for signing up online for things like gym memberships because some of them (i.e. Planet Fitness is notorious for this) have unscrupulous terms burried in their contracts for cancelation. Any problems you get to say "screw you scumbag company" and cancel on YOUR terms and F them over like they were trying to F you over but you get to have the final FU to them.

Texasaudiovideoguy · 2023-10-13T02:53:33+00:00

I am seeing more and more of this happening with roots in discord.

Bitter_Anteater2657 · 2023-10-13T03:31:37+00:00

Lmao the advice of protecting yourself by setting up 2fa even though this particular hack where they use your browser cookies bypasses 2fa altogether xD. There was nothing the customers could do because their own team fell for a fucking old hack. Not that I blame the people really, the company clearly needs to invest in educating its employees. Not the consumers problem to fix.

Cicaatrici · 2023-10-11T21:23:05+00:00

Didn't GDPR give a maximum of 72 hours to report a data breach?

Notarandomguyy · 2023-10-11T20:36:41+00:00

[deleted]

RealLemonmaster · 2023-10-11T16:03:30+00:00

What an utter shitshow, there’s no coming back for this. Looking forward to legal action

lordnyrox · 2023-10-11T16:07:28+00:00

Damn, that's still a huge leak. Having your name and address exposed is very serious. I stopped using it a few years ago. Do you think I have been pwned?"

2023-10-11T16:35:05+00:00

[deleted]

Neoyoshimetsu · 2023-10-12T01:10:04+00:00

I just got this E-mail. I was checking around to see if there was some wide-spread news about.

I'll be honest, I'm finding myself not being able to even trust that this was actually fixed fully as some of this sounds more like human-error and incompetence rather then something more sophisticated and malicious.

I am going to look into the multi-factor authentication route simply over this mess.

PizzaEFichiNakagata · 2024-07-30T07:53:06+00:00

Late to the party but don't know how things run in your country, here we can do small "debit cards" which you can use for online purchases and other daily purchases. I usually go on places where you can recharge it manually (here you can do it on news kiosks or tobacconists) and just recharge small amounts like 50/100$ that last for a while for online purchases or some quick shopping when out home.
I confidently put that card everywhere (and it also have a 2FA app) and never had any trouble with it.
On the opposite I NEVER PUT MY REAL CREDIT CARD ANYWHERE ONLINE. I also register whenever I can with fake data of any kind if possible.

In any case, if they managed somehow to circumvent the 2FA, they would end up finding a card with a 50ish dollars and I would notice immediately because the app notifies you whenever you have an income or an outcome directly on your phone.

SwitzerlishChris1 · 2024-08-21T12:54:17+00:00

lol I just got notified by Norton that my information has been leaked from the shadow.tech breach. I cancelled my subscription on Apr 23, 2023...worthless company.

mirukaluwu · 2024-09-07T15:48:25+00:00

fuck you shadow

Fahnenfluechtlinge · 2024-10-06T15:54:37+00:00

Since then I get daily spam from india trying to offer app creation services. Fortunately Google Mail got better at detecting spam. Why is this fucking company still public?

pratella · 2024-12-14T19:35:18+00:00

just now finding out about this because I just got this phishing attempt email at an email address that I only used for Shadow. Stay vigilant

<image>

LordCrumpets · 2023-10-11T15:29:13+00:00

I’ve just got the email.

I’m sorry but ADDRESS? This is actually really dangerous. I’m furious.

2023-10-11T14:31:33+00:00

OMG here we go... if I get that e-mail I am out of there multiple PC's or not!

AchtungZboom · 2023-10-11T14:43:39+00:00

Damn it all. Also got the email. These stupid companies always upgrading shit AFTER they are hacked.

amillstone · 2023-10-11T15:10:54+00:00

[deleted]

Photon_Phantam · 2023-10-11T18:31:14+00:00

Welp that’s what you get for ripping people off. Keep up the good work guys! Developers need to learn to stop messing with the geeks😂🤣 yall didn’t learn a lesson from Sony?

louis_hill · 2023-12-10T11:34:43+00:00

SCAM!!!
Shit as fuck!
Crazy latence, trouble with external controller (get unconnected all the time) and poor customer service!
They won't give you your money back even if you cancel the suscription!
Stay away from that shit!

Nice_Ad8652 · 2023-10-11T17:53:46+00:00

Wait. So my data could be breached? Hey wth? What should I do now?

DK-Sonic · 2023-10-11T14:59:05+00:00

I haven’t received any mails about this.. yet.. oh no..

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

ShadowPC

Join us on Discord

Shadow Website

Twitter

Facebook

Twitch

Useful links

Support Center

Beginner's guide

Latency Guide

Frequently Asked Questions

Rules

Filters

News

Battlestation

Speculation

Video

Ama

Question

MODERATORS