Last week, hacking group ShinyHunters took to a black hat hacking forum to share that it had successfully breached Nvidia's GeForce Now and was looking to sell "millions of real user records" to the highest bidder. However, Nvidia seems to claim that's not quite the case.
As originally spotted by The Cybersec Guru, ShinyHunters claims to have "pulled their entire database straight from the backend" with users' first and last names, email addresses, dates of birth, membership status, 2FA status, and more.
The mention of 2FA status is important here, as bad actors could effectively ignore any account with extra protective measures to get a better hit rate when trying to get access to users' accounts.
However, according to a statement given to VideoCardz from Nvidia:
"Our investigation found no impact to Nvidia-operated services. The issue is limited to systems run by a third-party GeForce Now Alliance partner based in Armenia. We are working closely with the partner to support their investigation and resolution. Impacted users will be notified by GFN.am.”
Nvidia has pointed me to GFN.am's statement (and a translation of it), noting that hackers did not get access to passwords but may have got may have got the following:
- E-mail address
- Telephone number, if registered through a mobile operator
- Date of birth
- Name and surname if logged in through Google
- GFN.AM username
That same statement says, "Following the discovery of the incident, the Society has taken immediate measures to eliminate the causes of unauthorized access, as well as additional organizational and technical measures have been implemented to increase the level of protection of information systems and prevent similar situations in the future."
Unless you live in Armenia and have an account through Nvidia's Armenian GeForce Now provider (GFN.am), you are unlikely to be affected by the breach, but Armenian users should keep an eye on the site and activate 2FA at a minimum.
This unfortunately does not necessarily account for users who no longer subscribe to the service, so hopefully they will get other forms of communication too.
Still, even after all of this is done, ShinyHunters claims it has a list of email addresses, so it's worth being extra vigilant of phishing and spam emails going forward.
If the name ShinyHunters is familiar to you, there's a good chance it is because, just last month, it demanded a ransom for Rockstar in regard to data it managed to steal.
After Rockstar refused to pay the fee, ShinyHunters revealed the data, and our Andy Chalk reckons Rockstar was right not to pay. We don't know what processes Nvidia will implement from here, but here's hoping its providers continue to brush up on their cybersecurity.
