As Nvidia hacker deadline looms, 71,000 employee accounts have reportedly been exposed


Nvidia never denied that it got hacked. The GPU giant just didn’t say all that much about what happened, either.

But now — as we wait to see whether the hackers make good on their threat to dump hundreds of gigabytes of proprietary Nvidia data on the web, including details about future graphics chips, by an unspecified Friday deadline — the compromised email alert website Have I Been Pwned suggests that the scope of the hack includes a staggering 71,000 employee emails and hashes that may have allowed the hackers to crack their passwords (via TechCrunch).

It’s not clear how Have I Been Pwned obtained this info, and Nvidia won’t say. Nvidia would not confirm or deny to The Verge whether 71,000 employee credentials have been compromised, and it would not say whether it plans to comply with any of the hackers’ demands.

It is worth noting that Nvidia has far fewer than 71,000 employees — its last annual report lists 18,975 employees across 29 countries, though it’s possible the compromised email addresses include prior employees and aliases for groups of employees. (Companies that rely heavily on email often have a lot of mailing lists.) The Telegraph’s initial report suggested that the company’s internal systems, including email, had been “completely compromised,” and a leak of 71,000 employee credentials would line up with that.

Here is all that Nvidia is actually saying today, via spokesperson Hector Marinez:

On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.

We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.

Security is a continuous process that we take very seriously at NVIDIA – and we invest in the protection and quality of our code and products daily.

That’s what we’d heard previously, and Nvidia’s cybersecurity incident response page hasn’t been updated since March 1st, either.

The LAPSUS$ hacking group, which has taken credit for the breach, had an unusually populist demand: it stated that it wants Nvidia to open source its GPU drivers forever and remove its Ethereum cryptocurrency mining nerf from all Nvidia 30-series GPUs (such as newer models of the RTX 3080) rather than directly asking for cash.

But they clearly want cash, too. The hackers have also publicly stated that they’ll sell a bypass for the crypto nerf for $1 million, and this morning, they briefly posted a message suggesting that today’s leak would be delayed while they discussed terms with a would-be buyer of Nvidia’s source code.

If Nvidia does pay up, something that’s not unheard of in these data ransom situations, I wouldn’t necessarily expect to hear about it anytime soon. It won’t necessarily be in either party’s best interests to say so. But if Nvidia doesn’t pay or comply and LAPSUS$ does have the data it claims, things might be about to get interesting.


Source link

Related articles

Xbox Series X consoles are available for Best Buy’s Totaltech members

The Xbox Series X is sometimes a little easier to buy than Sony’s PlayStation 5, but that doesn’t mean it’s a simple endeavor. The good news is that Best Buy has...

Our Flag Means Death creator David Jenkins fancies a fine narrative fabric

For many people, Our Flag Means Death was an unexpected history lesson about the adventures of Stede Bonnet, the real 18th-century pirate who loved the high seas almost as much as...

How to change your default browser in Windows 11

If you’ve updated your PC from Windows 10 to Windows 11, you may have noticed that when you click on a link for a website, a PDF document, or a variety...

Fortnite’s Zero Build mode is bringing people back to the game

Fortnite’s latest season kicked off a big shakeup: developer Epic Games removed building, perhaps the game’s most iconic feature, from the core battle royale modes. It was a risky move that...

What Elon Musk’s Twitter ‘free speech’ promises miss

Thursday morning, Elon Musk offered to buy Twitter to save free speech. “I invested in Twitter as I believe in its potential to be the platform for free speech around the...

Latest articles