Cloud Gaming Compromise: NVIDIA Partner GFN.am Hit by Data Breach Exposing Millions of Records

NVIDIA has corroborated a data breach involving a subset of GeForce NOW subscribers, though the incursion was notably divorced from the corporation’s internal infrastructure. The compromise originated within the regional architecture of a service ally in Armenia, where GeForce NOW’s cloud gaming operations are facilitated through the local provider, GFN.am.

Awareness of the breach emerged following a disclosure on a clandestine hacking forum. An individual operating under the pseudonym “ShinyHunters” asserted that they had infiltrated the GeForce NOW database, exfiltrating millions of user records; however, subsequent conjectures suggest the post was authored by an impersonator rather than a genuine member of the collective.

According to the adversary, the purloined data included full names, electronic mail addresses, usernames, dates of birth, subscription statuses, and details regarding two-factor authentication settings. While a fragment of these records was disseminated as a representative sample, the comprehensive database was offered for sale at a valuation of $100,000, payable in Bitcoin or Monero. The forum thread has since been expunged, leaving it uncertain whether the data was successfully auctioned or removed by the author or site moderators.

NVIDIA emphasized that its proprietary services remained unscathed, as the investigation localized the incident within the systems of its GeForce NOW Alliance partner in Armenia. While NVIDIA is assisting GFN.am in remediating the breach and conducting a forensic audit, the responsibility for notifying impacted users rests with the local operator.

GFN.am confirmed the security incident, specifying that the assault transpired between March 20 and March 26. The company acknowledged that registration details—including full names provided via Google, email addresses, phone numbers from mobile registrations, dates of birth, and usernames—may have been exposed. Crucially, GFN.am maintains that account passwords were not compromised in the exfiltration.

The operator further clarified that subscribers who registered after March 9 remained unaffected. Although NVIDIA’s documentation indicates that GFN.am manages GeForce NOW operations beyond Armenia’s borders, there is currently no definitive evidence suggesting the breach extended to those additional jurisdictions.