NVIDIA Data Breach Exposes GeForce User Data, Leaked Employee Credentials
Key Takeaways An NVIDIA GeForce NOW cloud gaming service provider, GFN.AM, experienced a data breach. Personal information for users registered on or before March 9, 2026, including email addresses,...
Key Takeaways
- An NVIDIA GeForce NOW cloud gaming service provider, GFN.AM, experienced a data breach.
- Personal information for users registered on or before March 9, 2026, including email addresses, phone numbers, and full names, was exposed.
- Account passwords were not compromised, but the leaked data heightens the risk of phishing, SIM swapping, and social engineering attacks.
GFN.AM Data Breach Impacts GeForce NOW Users
GFN.AM, an authorized provider of the NVIDIA GeForce NOW cloud gaming service operating under the entity “GFN CLOUD INTERNET SERVICES” LLC, has confirmed a data breach affecting the personal information of its registered user base. The incident, publicly disclosed on May 5, 2026, revealed that unauthorized access to the company’s database began nearly two months earlier, on March 9, 2026.
Table Of Content
The breach went undetected until May 2, 2026, creating a 54-day window during which threat actors potentially accessed user records. GFN.AM verified that the malicious party successfully gained entry to its backend database, leading to the exfiltration or viewing of sensitive user data.
Crucially, only accounts created on or before March 9, 2026, are affected by this security incident. Users who registered after this date were not impacted.
Compromised Data Categories
According to the official statement from GFN.AM, the following categories of personal data may have been compromised:
- Email addresses
- Phone numbers (for users who registered via a mobile operator)
- Date of birth
- Full name (first and last), specifically for users who authenticated through Google Sign-In
- GFN.AM platform username
While the company explicitly stated that user account passwords were not compromised, mitigating the immediate threat of direct account takeover, the combination of exposed email addresses, phone numbers, and full names presents a substantial risk. This data is highly valuable for sophisticated phishing campaigns, SIM swapping attacks, and various forms of social engineering targeting affected individuals.
Company Response and Mitigation
Upon discovering the breach, GFN.AM reported taking immediate action to address the root cause of the unauthorized access. The provider has also implemented additional organizational and technical security measures to strengthen its information systems and reduce the likelihood of future incidents. However, the public disclosure did not provide specific technical details regarding the nature of the breach, such as whether it involved compromised credentials, an unpatched vulnerability, or a misconfigured database.
Security experts emphasize that even without password exposure, the leaked personal identifiers are extremely useful to cybercriminals. Such data is frequently leveraged in targeted phishing schemes and credential-stuffing attacks. Users who utilized Google Sign-In should be particularly vigilant, as their full names were among the exposed fields.
GFN.AM has not yet publicly confirmed whether individual notifications will be sent to affected users or if relevant regulatory authorities have been informed of the breach.
What You Should Do
Users registered with GFN.AM on or before March 9, 2026, should take the following proactive steps:
- Actively monitor all email accounts for suspicious login attempts, password reset requests, or any unsolicited messages that appear to be phishing attempts.
- Exercise extreme caution with any unexpected calls or SMS messages that claim to be from or reference GFN.AM.
- Enable multi-factor authentication (MFA) on all linked Google and primary email accounts to add an extra layer of security.
- Consider placing a fraud alert with relevant financial institutions if there is any suspicion that additional, more sensitive personal data may have been compromised.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.