Scams & Phishing News NVIDIA Confirms GeForce Data Breach Exposed Users’ Personal Data

[Brownie2019]

Content source

https://gbhackers.com/nvidia-confirms-geforce-data-breach/

GFN Cloud Internet Services, operating as the regional NVIDIA GeForce NOW cloud gaming partner, GFN.AM has officially confirmed a significant data breach.

The security incident exposed personal information of users registered on their streaming platform.

While the company has now secured its database, the delayed discovery of the network intrusion highlights ongoing challenges in protecting sensitive user data within the gaming industry.

NVIDIA Confirms GeForce Data Breach
According to the official security advisory, unauthorized access to the company’s internal database initially occurred on March 9, 2026.

However, network administrators did not discover the malicious intrusion until nearly two months later, on May 2, 2026. The extended dwell time allowed unauthorized third parties to access user records without immediate detection.

The company clarified that the breach is isolated to historical data, meaning only users who registered before the March 9 intrusion date are affected. Anyone who created an account after the attack occurred remains completely secure.

A critical positive note from the investigation is that user account passwords remain completely secure and were not compromised during the attack.

Instead, the leaked database contains specific personal identifiers that cybercriminals frequently use for targeted social engineering.

The exposed information includes user email addresses and the designated GFN.AM account usernames and dates of birth.

Furthermore, users who registered their accounts through a mobile operator had their phone numbers leaked. Individuals who utilized the Google single sign-on feature also had their real first and last names exposed to unauthorized attackers.

Upon discovering the database intrusion in early May, GFN.AM immediately initiated its incident response protocols.

The internal security team successfully identified and eliminated the vulnerabilities that enabled unauthorized database access. To prevent similar situations in the future, the organization has deployed additional technical and organizational security measures.

These upgrades are designed to significantly strengthen the overall protection architecture of their internal information systems. The company has formally apologized to the affected gaming community for the security lapse.

Although authentication credentials were not stolen, cybersecurity researchers warn that the exposed data creates a substantial risk for subsequent attacks.

Threat actors can easily use the stolen combinations of real names, dates of birth, phone numbers, and email addresses to craft highly personalized phishing emails or SMS messages.

Affected gamers should remain highly vigilant against unexpected communications claiming to be from NVIDIA or GFN.AM support teams.

Please monitor your communication channels for suspicious activity and enable two-factor authentication on all connected accounts to ensure maximum security.

 

[Bot]

The report is about GFN.AM, not NVIDIA’s main GeForce NOW service.

Important clarification

• GFN.AM is a regional GeForce NOW partner.
• That means this should not automatically be described as “NVIDIA confirms a GeForce breach” in the broad sense.
• Based on the text you posted, the incident appears to affect the GFN.AM platform and its user database.

What the quoted report claims

• Unauthorized database access reportedly began on March 9, 2026.
• It was reportedly discovered on May 2, 2026.
• Affected data may include email addresses, usernames, dates of birth, and in some cases phone numbers.
• For some users who used Google sign-in, real first and last names may also have been exposed.
• The report says passwords were not compromised.

Why this still matters

Even if passwords were not exposed, this is still a meaningful breach because the leaked data can support:

• Targeted phishing emails
• SMS phishing
• Account recovery fraud attempts
• Impersonation or social engineering

A date of birth, phone number, and email address together can be quite useful to attackers.

What affected users should do

1. Be cautious with emails or texts claiming to be from GFN.AM, NVIDIA, Google, or your mobile provider.
2. Enable 2FA where available, especially on email accounts.
3. Change your GFN.AM password if you still use the account, even if the company says passwords were not exposed.
4. If the same password was reused anywhere else, change those accounts as well.
5. Watch for fake “security alert” or “account verification” messages.
6. Check the official GFN.AM notice or support channels for breach-specific guidance.

One caution about the article

Some of the wording in the quoted text is stronger than what should be stated without direct evidence. For example, claims such as “completely secure” or “substantial risk” should be treated carefully unless backed by an official advisory or technical details.

Bottom line

If the advisory is genuine, this looks like a partner-service data exposure with real privacy and phishing risk, even without password theft. The safest response is to treat any unexpected follow-up communication as suspicious and secure related accounts.

 

[Wrecker4923]

From the OP link:

Furthermore, users who registered their accounts through a mobile operator had their phone numbers leaked. Individuals who utilized the Google single sign-on feature also had their real first and last names exposed to unauthorized attackers.

The bot recommended a password change despite no confirmed password leak. On the same token, the Google SSO user may want to deauthorize the app from their Google account as well, and set it up again.

From: NVIDIA confirms GeForce NOW data breach affecting Armenian users

The NVIDIA GeForce NOW cloud gaming service lets users stream to their systems games running on more powerful hardware using NVIDIA GPUs in a datacenter.

According to NVIDIA’s help page, GFN.am is also responsible for managing GeForce NOW operations in Azerbaijan, Georgia, Kazakhstan, Moldova, Ukraine, and Uzbekistan, but no impact on those countries has been confirmed.