What Happened
In September 2023, the cloud gaming provider Shadow suffered a data breach that exposed over 543,000 customer records after a hacker conducted a sophisticated social engineering attack against an employee who downloaded malware-laced content via Discord and Steam. The compromised data included full names, email addresses, dates of birth, billing addresses, credit card expiry dates, and private API keys associated with customer accounts. The hacker posted about the breach on a hacking forum and offered the stolen data for sale, claiming they were “deliberately ignored” by the company. TechCrunch verified samples of the stolen data and confirmed its authenticity, and the most recent records in the dataset suggest the breach occurred on or shortly after September 28, 2023.