As Nvidia hacker deadline looms, 71,000 employee accounts have reportedly been exposed

It was never denied that it was hacked. The giant didn't say much about what happened.

We are waiting to see if the hackers make good on their threat to dump hundreds of gigabytes of proprietary data on the web, including details about future graphics chips, by a Friday deadline.

It is not clear how Have I Been Pwned obtained this information. The company would not confirm or deny whether 71,000 employee credentials have been compromised, and it would not say whether it would comply with any of the demands of the hackers.

It's worth noting that there are fewer than 71,000 employees at Nvidia, and that the email addresses that were compromised may have been used by prior employees and groups of employees. Companies that rely on email have a lot of mailing lists. The Telegraph's initial report suggested that the company's internal systems, including email, had been completely compromised, and a leak of 71,000 employee credentials would line up with that.

Here is all that the company is saying today.

On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.

We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.

Security is a continuous process that we take very seriously at NVIDIA – and we invest in the protection and quality of our code and products daily.

That's what we've heard before, and the cybersecurity incident response page hasn't been updated since March 1st.

The LAPSUS$ hacking group, which has taken credit for the breach, made an unusual populist demand: it wants Nvidia to open source its drivers forever and to remove the nerf to the Ethereum mining model of the RTX 3080).

They want cash too. This morning, the hackers briefly posted a message suggesting that today's leak would be delayed while they discussed terms with a would-be buyer.

I wouldn't expect to hear about it anytime soon, because it's not something that's common in these data extortion situations. It won't be in either party's best interests to say so. If LAPSUS$ has the data it claims, things might get interesting.