Shadow Drive

I recently saw that Qwant was promoting
Shadow Drive on their website alongside their own products, so I thought they had made a new drive app. After looking into it, it seems to be a different company that focuses on gaming that ended up making a Drive app and Qwant partnered with them and put a link to the service on their website. Now I’m just wondering, even though Shadow Drive is very new, does it look like a good drive option in terms of privacy currently?

AFAIK, the company was what we call in France “Redressement judiciaire” or in English “judicial settlement” or whatever you call it in English. Basically, this means the company was in suspension of payments because they didn’t have enough money to be sustainable. But it was bought out by Octave Klaba, the ex-CEO of OVH, one of the biggest global cloud service providers in Europe. So, they’re now here :slight_smile:

Also, just to set the stage, the service isn’t even released, it’s marked as “Coming Soon”. It’s not available worldwide, only in 12 countries.

One big complaint I have from them is the number of trackers on the website, 11 have been detected by Brave. In the positive side of things, they say they are working on encryption at-rest!

1 Like

They come in some ways from Hubic -if i remember correctly, but i am 50% on this,
They provide virtual PC-s to game on, through a client one (alongside the drive)
BUT
Their discord server requires phone to be attached to have write access…Also the main thing:
They had already breached on 10/11/23, i got this lovely message (i want to link a good article about this, but i can not find a good one, so the mail instead):
Bold their highlight, italic mine.

We would like to inform you of a recent incident affecting the security of certain data hosted by one of our service providers.

What happened?

At the end of September, we were the victim of a social engineering attack targeting one of our employees. This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of our employee, himself a victim of the same attack.

Our security team took immediate action. Despite our actions, the attacker was able to exploit one of the stolen cookies to connect to the management interface of one of our SaaS providers. Thanks to this cookie, now deactivated, the attacker was able to extract, via our SaaS provider’s API, certain private information about you.

The information concerned is your first and last name, e-mail address, date of birth, billing address and credit card expiry date. It is important to note that no passwords or sensitive banking data have been compromised.

What actions have we taken?

As soon as this incident was discovered, we took immediate steps to secure our systems and took all necessary precautions to avoid future incidents. We have also reinforced the security protocols we apply with all our SaaS providers. Finally, we will be upgrading our internal systems to render compromised workstations harmless.

What can you do?

In the wake of this incident, please be very vigilant about the emails you receive, as they could be phishing attempts. In general, for all your accounts, we advise you to protect yourself by setting up multi-factor authentication (“MFA”).

To set up MFA on your Shadow account, please refer to the following guide: ‎How does Two-Factor Authentication (2FA) work on Shadow? | Shadow

We are here for you

We sincerely apologize for the inconvenience and assure you that we are doing everything possible to ensure the security of your data.

If you have any questions or concerns, please do not hesitate to contact our customer service department at ‎How to contact Shadow Support | Shadow

Thank you for your understanding and trust.

Best regards,

Eric Sèle,

CEO, Shadow

Some wording is a bit odd. Could be ok, breached already…

That’s good they disclosed the breach, but if they do things like require a phone number to use their discord channel, I’m surprised they are recommended by Qwant. I guess I mainly want to use them for that free 20 GB, but I’m not willing to sacrifice privacy for storage if there’s more bad things about them :confused:

1 Like

Still a free 20 GB for junkish things, but not a Tresorit