Computer graphics technology firm NVIDIA, a company that holds more the 5,000 patent and credited with inventing the GPU, on Thursday said it had shut down its “NVIDIA Developer Zone,” after the online community for developers had been hacked.
“We did this in response to attacks on the site by unauthorized third parties who may have gained access to hashed passwords,” a post explained commenting on the shut down. “We are investigating this matter and working around the clock to ensure that secure operations can be restored.”
NVIDIA did not say how many accounts may have been exposed as result of the breach.
The company reminded that it would never request any sensitive via by email, and that nobody should provide personal, financial or sensitive information (including new passwords) in response to any email purporting to be sent by an NVIDIA employee or representative.
This attack follows a string of attacks that occurred this week, including approximately 1M user accounts at Phandroid, an online community for Android users and developers, a breach at Yahoo! that led to the loss of 450,000 records, and attack on Formspring resulting in 420,000 hashed passwords being exposed. In other news, Best Buy reported an uptick in hacking attempts on their users’ accounts, and a vulnerability in web hosting control panel software Plesk that resulted in it being linked to a run of 50,000 websites being compromised.
"It is often the case that obvious database vulnerabilities-- such as weak passwords and default configuration settings-- are initially overlooked and never fully remediated," said Slavik Markovich, CTO of Database Security at McAfee.
“Because users often use the same password across different accounts, cyber criminals might be able to access other sites, company networks, and banking accounts if they can successfully map the compromised email address to the individual that owns it, ”said Chris Petersen, chief technology officer and founder of SIEM vendor LogRhthm.
"An organization's sensitive information can never be adequately secured if it lacks dedicated tools and processes to gain complete visibility into their databases' security weaknesses and eliminate the opportunity for the bad guys to exploit them," added Markovich.