InfoSecBulletin Cybersecurity for mankind
BleepingComputer reported NVIDIA has confirmed in a statement that GeForce NOW user information has been exposed in a data breach. The big gaming and hardware company said the effect is only in Armenia and happened because a regional partner’s system was compromised.
The company added that its own network was not impacted by the incident.
1-Click GitHub Token Flaw Allows Attackers Steal Users’ OAuth Tokens
TP-Link Router Flaw Enables Remote Command Execution Attacks
ALERT
Google patches one exploited Android zero-day and 124 issues
CISA warns two-year-old Oracle Vuln as actively exploited in attacks
Hackers Use Meta’s AI Bot to Take Over Instagram Accounts
Anthropic confirms Claude Mythos-class models will be public
Threat Actors Fake FIFA Sites to Steal Personal Info
CISA gives feds 4 days to fix cPanel plugin vulnerability
ALERT
FortiClient EMS Code Execution Flaw Exploited to Deploy Malware
Anthropic Unveils Free Security Plugin for Claude Code Terminal to Detect Flaws
“Our investigation found no impact on NVIDIA-operated services. The issue is limited to systems run by a third-party GeForce NOW Alliance partner based in Armenia. We are working closely with the partner to support their investigation and resolution. Impacted users will be notified by GFN.am,” the company said.
The statement replies to a post from last week on a hacker forum. A threat actor using the name ShinyHunters said they hacked the GeForce NOW service and took millions of user records.
The hacker said the stolen information has names, email addresses, usernames, birth dates, membership status, and 2FA/TOTP status.
The threat actor also posted samples of the stolen data and offered the full database for $100,000 paid in Bitcoin or Monero.
The NVIDIA GeForce NOW service lets users play games on their devices that are running on stronger computers using NVIDIA graphics cards in a data center.
GFN.am is the Armenian regional operator for GeForce NOW, responsible for operating NVIDIA’s service in the country.
A statement posted by GFN.am confirms a cybersecurity incident that took place between March 20 and 26 and exposed the following information:
Full name (if using a Google account)
Email address
Phone number (if registered through a mobile operator)
Date of birth
Username
GFN.am has said that no account passwords were leaked, and users who signed up after March 9 are safe.
GFN.am helps run GeForce NOW in Azerbaijan, Georgia, Kazakhstan, Moldova, Ukraine, and Uzbekistan, but there’s no report of any effect on these places according to NVIDIA’s help page.
BleepingComputer reported that the threat actor’s post has now been removed from the hacker forum. It is unclear if the database has been sold to a buyer or if the seller or forum administrators deleted it.
