NVIDIA has confirmed that user information linked to GeForce NOW was exposed in a recent data breach, but says the incident only affected systems operated by a regional partner in Armenia and did not impact NVIDIA’s own network.
In a statement shared with BleepingComputer, the company said the breach involved infrastructure managed by a third-party GeForce NOW Alliance partner known as GFN.am. “Our investigation found no impact on NVIDIA-operated services,” the company said, adding that it is working closely with the partner during the investigation and recovery process.
The confirmation follows claims posted last week on a hacker forum by a threat actor using the ShinyHunters name, who alleged that millions of GeForce NOW user records had been stolen. However, reports suggest the person behind the post may have been impersonating the well-known hacking group.
According to the threat actor, the stolen database included full names, email addresses, usernames, dates of birth, membership status, and 2FA or TOTP details. Samples of the alleged data were posted online, while the full database was reportedly offered for sale for $100,000 in Bitcoin or Monero.
GFN.am later confirmed that a cybersecurity incident took place between March 20 and March 26. The company said the exposed information may include full names tied to Google accounts, email addresses, phone numbers registered through mobile operators, dates of birth, and usernames.
The regional operator also clarified that passwords were not exposed in the breach and said users who signed up after March 9 are not affected.
GeForce NOW is NVIDIA’s cloud gaming platform that allows users to stream games running on high-performance NVIDIA GPU servers. GFN.am manages GeForce NOW services in Armenia and also handles operations in Azerbaijan, Georgia, Kazakhstan, Moldova, Ukraine, and Uzbekistan, although no confirmed impact has been reported in those countries so far.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
The hacker forum post advertising the database has since been removed. It remains unclear whether the data was sold or if the listing was deleted by the seller or forum administrators.
