71,000 Employees’ Credentials Exposed as a Result of NVIDIA Data Breach
Recent Security Breach Impacting Giant Chipmaker Results in Exposure of Employees’ Login Data.
Recently, we have written about an NVIDIA data breach confirmed by the company itself. As their statement goes, they have found out about it on the 23rd of February and have started an investigation, mentioning that no evidence of a ransomware attack was identified. Over the weekend, the hacking group dubbed Lapsus$, claimed to be behind the cyberattack. Now an update from Have I Been Pwned gives more details on this topic.
New Details About the NVIDIA Data Breach from Have I Been Pwned
Have I Been Pwned, the notification service focusing on data breaches, has recently added new information to its database including 71,335 compromised accounts related to the NVIDIA data breach.
Have I Been Pwned is a security service that lets you check if your email address or personal data has been compromised in a data breach.
As seen in the print screen above, Have I Benn Pwned mentioned on their website that the Nvidia data breach involved email addresses and NTLM password hashes.
On March 1st, the chipmaker company confirmed that its network had been hacked in February, with threat actors getting access to login credentials of employees as well as to confidential information.
Following NVIDIA’s first statement that it was investigating an incident with some impact on its systems, as the Telegraph reported, Lapsus$, a data extortion group claimed responsibility for this attack together with declaring the theft of 1TB of Nvidia’s network data. During the weekend, Lapsus$ released further information regarding the hack consisting of a 20GB archive with Nvidia servers’ data. What’s more, this archive also included password hashes of the business personnel.
According to the BleepingComputer publication, the hacking group warned Nvidia to perform hardware information leakage if the GeForce RTX 30 Series firmware’s lite hash rate (LHR) constraints were not removed.
It was also reported that the threat actor group requested the chipmaker company to agree to open-sourcing its GPU drivers for Windows, macOS, and Linux devices. This request’s deadline was March 4, Friday.
Then Nvidia said on Tuesday that it identified “a cybersecurity event that damaged IT resources” on February 23rd, as the same publication mentions, following the initial refusal of the company to confirm the threat actors’ allegations.
However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. (…) We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.
What Does a Data Breach Refer to?
A data breach is a cyber-attack that exposes sensitive information to unauthorized parties. It can happen to any company, from a small business to a large corporation which might have consequences on the business flow.
How Can You Protect Against Data Breaches with Heimdal™?
Data breaches can do harm to your company, but here’s the good news: they can also be prevented by implementing efficient and aligned to the market’s necessities cybersecurity solutions. If you choose the Heimdal suite, you can delight yourself with a broad range of products all promoting the concept of unified cybersecurity, from Threat Prevention that keeps away cyberattacks at the domain name system level to Patch and Asset Management that closes off vulnerabilities in your software and Privileged Access Management that lets you have control over privileged sessions in your company, and many more. You can visit our home page to find more and choose what best suits your needs!