NVIDIA confirmed in a statement to BleepingComputer that GeForce NOW user data was exposed in the data breach.
The game and hardware giant clarified that the impact was limited to Armenia, and was caused by the damage to the infrastructure used by the regional partner.
The company added that its network was not affected by the incident.
“Our investigation found no impact on NVIDIA-powered services. The problem is limited to systems managed by a third-party GeForce NOW Alliance partner based in Armenia. We are working closely with our partners to support their investigation and resolution. Affected users will be notified by GFN.am,” the company said.
The statement comes in response to a post last week on a hacker forum from a malicious actor who goes by the nickname ShinyHunters, claiming to have breached GeForce NOW’s service and stolen millions of user records.
However, the ShinyHunters actor who posted the breach of the hacker forum is believed to be a hoaxer.
According to the threat actor, the stolen information includes full names, email addresses, usernames, dates of birth, membership status, and 2FA/TOTP status.
The threat actor also sent samples of the stolen data and offered the full database for $100,000 paid in Bitcoin or Monero.
The NVIDIA GeForce NOW cloud gaming service allows users to stream on their system games that run on more powerful hardware using NVIDIA GPUs in the data center.
GFN.am is the Armenian regional operator of GeForce NOW, responsible for running the NVIDIA service in the country.
Alliance partner locations can use independent authentication systems, local customer databases, regional payment platforms, and locally managed infrastructure.
A statement sent by GFN.am confirms the cyber security incident that occurred between March 20 and 26 and revealed the following information:
- Full name (if using a Google account)
- Email address
- Telephone number (if registered with a mobile operator)
- Birthday
- Username
GFN.am clarified that no account passwords were exposed in this incident, and any users who signed up for the service after March 9 are not affected.
According to NVIDIA’s help page, GFN.am is also responsible for managing GeForce NOW operations in Azerbaijan, Georgia, Kazakhstan, Moldova, Ukraine, and Uzbekistan, but no impact on those countries has been confirmed.
BleepingComputer has discovered that the threat actor’s post has now been removed from the hacker forum.
It is not clear if the website has been sold to a buyer or if the seller or site administrators have removed it.
Update [14:14]: Additional information that the threat actor may be a ShinyHunters impersonator.
AI has tied four zero days to a single exploit that bypasses both renderer and OS sandboxes. A wave of new exploits is coming.
At the Automated Validation Conference (May 12 & 14), see how autonomous, context-rich validation finds usability, validates controls, and closes the correction loop.
Find Your Place
