In a recent communication sent to impacted customers, Shadow, a Paris-based company,
disclosed a security breach resulting from a sophisticated social engineering attack on one of its employees.
email addresses, dates of birth, billing addresses, and credit card expiry dates, according to Shadow CEO Eric Sèle.
This breach led to unauthorized access to customers' sensitive data, including full names,
who claimed responsibility and subsequently offered the data for sale after feeling ignored by the company.
TechCrunch obtained a sample of the pilfered data from the hacker behind the breach,
TechCrunch took steps to verify a segment of the stolen records by cross-referencing unique staff-related email addresses found in the dataset using the website's sign-up form.
This breach reportedly exposed the data of over 530,000 Shadow customers.
Additionally, the dataset included private API keys linked to customer accounts, although it remains unclear whether these keys are accessible by customers.
Of the exposed data, many customer billing addresses were identified as corresponding with private home addresses.