NVIDIA confirms GeForce NOW data breach affecting Armenian users

Source: Bleeping Computer

Incident Overview

NVIDIA confirmed that user information from its GeForce NOW service was exposed in a data breach that affected only Armenia. The breach resulted from a compromise of infrastructure operated by a regional partner, not NVIDIA’s own network.

“Our investigation found no impact on NVIDIA‑operated services. The issue is limited to systems run by a third‑party GeForce NOW Alliance partner based in Armenia. We are working closely with the partner to support their investigation and resolution. Impacted users will be notified by GFN.am,” the company said.

The statement was issued after a post on a hacker forum by a threat actor using the ShinyHunters nickname claimed to have breached GeForce NOW and stolen millions of user records. However, the actor is believed to be an impostor.

Details of the Breach

• The threat actor claimed the stolen data included:
  • Full names
  • Email addresses
  • Usernames
  • Dates of birth
  • Membership status
  • 2FA/TOTP status
• Samples of the alleged data were posted, and the full database was offered for $100,000 in Bitcoin or Monero.
• BleepingComputer later found that the post has been removed from the forum, and it is unclear whether the database was sold or deleted.

Affected Data (According to GFN.am)

A statement posted by GFN.am confirmed a cybersecurity incident that took place between March 20–26. The exposed information includes:

• Full name (if using a Google account)
• Email address
• Phone number (if registered through a mobile operator)
• Date of birth
• Username

GFN.am clarified that no account passwords were exposed and that users who registered after March 9 are not impacted.

Response from NVIDIA and GFN.am

• NVIDIA emphasized that its own network was not affected.
• GFN.am, the Armenian regional operator for GeForce NOW, is responsible for operating NVIDIA’s service in Armenia and several other countries (Azerbaijan, Georgia, Kazakhstan, Moldova, Ukraine, and Uzbekistan). No impact has been confirmed in those regions.
• Impacted Armenian users will be notified directly by GFN.am.

Update

Added information that the threat actor may be a ShinyHunters impersonator.