Security alert: personal data from GeForce NOW users exposed by a regional partner in Armenia

NVIDIA confirmed that information from GeForce NOW users was exposed in an incident that affected the infrastructure operated by its regional partner in Armenia, GFN.am, and not the services directly administered by the company. According to the initial investigation, the gap took place between March 20 and 26 and, although NVIDIA claims that its network was not compromised, the filtered data include full names (when the record was made with Google), e-mails, phone numbers registered by mobile operators, birth dates and user names.

The actor who published samples in forums was attributed the authorship with the alias known in the cybercrime scene as ShinyHunters and claimed to have millions of records, offering the basis for a payment in Bitcoin or Monero. Although the post was removed and there is no public confirmation of a sale, the possibility that the data have been replicated or acquired remains in force and increases the risk to those affected.

What makes this filtration particularly relevant It is not only the nature of the fields exposed, but the context: as it is a regional operation managed by an ally of the GeForce NOW programme, the incident shows the fragility of suppliers and subcontractors in global service chains. Partner environments can run local authentication, customer databases and independent billing walkways, so an incident in a region can escape the central control of the main supplier.

GFN.am has indicated that passwords were not leaked and that users registered after 9 March are not affected; however, the exposure of postcards, birth dates and phones remains valuable for social engineering attacks, phishing attempts and SIM exchange fraud. In addition, information on the status of 2FA / TOTP allows the attacker to prioritize targets with less secondary protection.

Immediate recommendations for potentially affected users: be attentive to official GFN.am communications (they will be the ones who notify), change passwords if they re-use credentials in other services, and strengthen multi-factor authentication preferably with physical keys (FIDO2 / USB / NFC) or authentication applications rather than SMS. If your mobile number is part of the register, consider talking to your operator to activate a portability PIN or SIM swap protection and monitor bank transactions and access to related accounts.

To check if your mail appeared in other leaks, use reliable services such as Have I Been Pwned. For details of media coverage and public statements, see the technical report published by Bleeping Computer and the official communication of the regional subsidiary in GFN.am.

What NVIDIA and its partners should do: continuous transparency with users and regulatory authorities, forensic audits published with commitment indicators where possible, and an urgent review of the partners' contracts and security controls. The operational fragmentation of global services requires minimum standards of cyberhygiene applicable to all allies, including data encryption at rest, robust access management, centralized or federated authentication with guarantees and periodic penetration tests.

The incident is a reminder that security does not end at the main supplier's door: the real strength of a cloud service depends on each link of its chain. For users, the most important rule remains not to re-use credentials, use solid MFA methods and distrust unexpected communications that request data or redirect to input portals.