Jump to content
  • NVIDIA data breach exposed credentials of over 71,000 employees


    Karlston

    • 592 views
    • 2 minutes
     Share


    • 592 views
    • 2 minutes

    More than 71,000 employee credentials were stolen and leaked online following a data breach suffered by US chipmaker giant Nvidia last month.

     

    The Have I Been Pwned data breach notification service has added data belonging to 71,335 compromised accounts to its database on Wednesday.

     

    Have I Been Pwned says the stolen data contains "email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community."

     

    Nvidia confirmed on March 1st that its network was breached last month, with the attackers gaining access to employees' login data and proprietary information.

    Attack claimed by the Lapsus$ extortion gang

    Nvidia said it was investigating an "incident" that had reportedly impacted some of its systems, causing a two-day outage after news of the incident first came to light almost a week ago.

     

    The same day, a data extortion group dubbed Lapsus$ claimed the attack and provided details regarding the incident, including that they stole 1TB of data from Nvidia's network.

     

    Over the weekend, Lapsus$ shared even more details about the intrusion and leaking a 20GB archive containing data stolen from Nvidia's systems, as well as company employees' password hashes, 

     

    The group threatened to leak hardware specifications info unless lite hash rate (LHR) limitations from GeForce RTX 30 Series firmware were not removed.

     

    Lapsus$ also asked Nvidia to commit to open-sourcing their GPU drivers for Windows, macOS, and Linux devices until Friday, March 4th, to avoid having stolen information on all recent GPUs, including the RTX 3090Ti, leaked online.

     

    nvidia-telegram.jpg

    Lapsus$ claiming the attack on Nvidia (BleepingComputer)

    After refusing to confirm the extortionists' claims, Nvidia told BleepingComputer Tuesday that it detected "a cybersecurity incident which impacted IT resources" on February 23rd.

     

    The company added that it found no evidence of a ransomware attack, although the threat actor still managed to steal employee credentials and proprietary data, confirming Lapsus$'s claims.

     

    "However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information," Nvidia told BleepingComputer.

     

    "We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident."

     

     

    NVIDIA data breach exposed credentials of over 71,000 employees


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...