Breaches | May 8, 2026

NVIDIA confirms GeForce NOW data breach affecting Armenian users

NVIDIA confirms GeForce NOW data breach limited to Armenian regional partner, affecting user PII.

Summary

NVIDIA confirmed that GeForce NOW user data was breached, but clarified the incident was limited to GFN.am, an Armenian regional partner operating the service, not NVIDIA's own infrastructure. The breach occurred between March 20-26, 2026, and exposed full names, email addresses, phone numbers, dates of birth, and usernames of an unspecified number of users. A threat actor claiming to be ShinyHunters (likely an imposter) posted samples and offered the full database for $100,000 in cryptocurrency, though the post has since been removed.

Full text

By Bill Toulas, May 8, 2026, 12:18 PM

NVIDIA has confirmed in a statement for BleepingComputer that GeForce NOW user information has been exposed in a data breach.

The gaming and hardware giant has clarified that the impact is limited to Armenia, and was caused by a compromise of the infrastructure operated by a regional partner. The company added that its own network was not impacted by the incident.

“Our investigation found no impact on NVIDIA-operated services. The issue is limited to systems run by a third-party GeForce NOW Alliance partner based in Armenia. We are working closely with the partner to support their investigation and resolution. Impacted users will be notified by GFN.am,” the company said.

The statement comes in response to a post last week on a hacker forum from a threat actor using the ShinyHunters nickname, claiming to have breached the GeForce NOW service and stolen millions of user records. However, the ShinyHunters actor who published the breach on the hacker forum is believed to be an imposter.

According to the threat actor, the stolen information includes full names, email addresses, usernames, dates of birth, membership status, and 2FA/TOTP status. The threat actor also posted samples of the stolen data and offered the full database for $100,000 paid in Bitcoin or Monero.

[Image: Threat actor's post on hacker forums. Source: DailyDarkWeb]

The NVIDIA GeForce NOW cloud gaming service lets users stream to their systems games running on more powerful hardware using NVIDIA GPUs in a datacenter.

GFN.am is the Armenian regional operator for GeForce NOW, responsible for operating NVIDIA’s service in the country. Alliance partner environments can operate independent authentication systems, local customer databases, regional billing platforms, and locally managed infrastructure.

A statement posted by GFN.am confirms a cybersecurity incident that took place between March 20 and 26 and exposed the following information:

  • Full name (if using a Google account)
  • Email address
  • Phone number (if registered through a mobile operator)
  • Date of birth
  • Username

GFN.am has clarified that no account passwords were exposed in the incident, and any users who registered to the service after March 9 are not impacted.

According to NVIDIA’s help page, GFN.am is also responsible for managing GeForce NOW operations in Azerbaijan, Georgia, Kazakhstan, Moldova, Ukraine, and Uzbekistan, but no impact on those countries has been confirmed.

BleepingComputer found that the threat actor’s post has now been removed from the hacker forum. It is unclear if the database has been sold to a buyer or if the seller or forum administrators deleted it.

Update [14:14]: Added information that the threat actor may be a ShinyHunters impersonator.

Indicators of Compromise

  • malware — ShinyHunters
  • domain — GFN.am

Entities

  • NVIDIA (vendor)
  • GeForce NOW (product)
  • GFN.am (product)
  • ShinyHunters (imposter) (threat_actor)