NVIDIA confirmed that a GeForce NOW breach exposed user information connected to an Armenian cloud gaming provider. The company said the incident only affected systems operated by GFN.am, a regional GeForce NOW Alliance partner. NVIDIA also stated that its own infrastructure was not compromised.
The breach surfaced after a threat actor claimed to possess millions of user records allegedly stolen from the gaming platform.
NVIDIA said its systems were not compromised
NVIDIA stated that the incident was limited to infrastructure operated by GFN.am in Armenia. The company said there was no evidence that NVIDIA-controlled systems or central GeForce NOW infrastructure were breached.
According to NVIDIA, the regional provider is currently investigating the incident and notifying affected users. The company also said it is cooperating with the Armenian partner during the response process.
GFN.am later acknowledged the security incident and confirmed that it had already taken steps to contain the breach and strengthen protections.
Hackers claimed they stole customer records
The incident became public after a threat actor posted claims online alleging access to GeForce NOW user data. The attacker claimed to possess millions of customer records connected to the Armenian platform.
According to reports, the allegedly exposed information included usernames, email addresses, dates of birth, account status details, and two-factor authentication status.
The threat actor reportedly attempted to sell the database online for cryptocurrency. However, researchers noted that the individual may not actually be connected to the original ShinyHunters cybercrime group despite using the same name.
Security researchers continue examining whether the leaked dataset is authentic and how much information was actually exposed during the breach.
Passwords were reportedly not exposed
Reports stated that passwords were not included in the compromised data. NVIDIA and GFN.am both indicated that account passwords remained protected during the incident.
Even so, researchers warned that exposed email addresses and account details can still create phishing and social engineering risks. Attackers often use stolen account information to launch fake login campaigns and credential theft attacks.
Security experts advised affected users to remain cautious about suspicious emails and messages connected to GeForce NOW accounts. Researchers also recommended enabling two-factor authentication for additional account protection.
Third-party infrastructure increased security risks
GeForce NOW operates globally through a combination of NVIDIA-managed systems and regional Alliance partners. These local providers operate infrastructure and customer services in specific countries and regions.
Researchers noted that this structure can create inconsistent security protections across the platform. A breach involving one regional provider may still expose user data even if NVIDIA’s central systems remain secure.
The incident also highlighted growing concerns surrounding third-party infrastructure and outsourced cloud platform operations. Many companies rely heavily on external providers to deliver online services globally.
As cybercriminal groups continue targeting cloud environments and partner ecosystems, regional service providers may face increasing security pressure.
Conclusion
The GeForce NOW breach exposed user data connected to an Armenian Alliance partner after threat actors claimed access to customer records. NVIDIA stated that its own systems were not compromised and said the incident remained isolated to infrastructure operated by GFN.am. Although passwords were reportedly not exposed, the breach still raised concerns about phishing risks, third-party platform security, and regional cloud service providers.
0 responses to “GeForce NOW breach affects Armenian users”