The email addresses and passwords of more than 71,000 NVIDIA employees were likely stolen in a recent cyberattack and are now circulating within underground communities.
On February 23, hackers managed to compromise NVIDIA’s network and steal not only employee credentials but also proprietary information.
The Lapsus$ ransomware gang, which claimed responsibility for the attack and apparently asked the chip maker to pay $1 million for the stolen data, started leaking the compromised information over the weekend, saying the move was retaliation to NVIDIA’s alleged attempt to hack them back.
Earlier this week, the company confirmed that sensitive data was stolen in the incident, but provided no details on the number of impacted individuals or the manner in which its network was breached.
According to data breach monitoring website Have I Been Pwned, however, the hackers managed to exfiltrate the credentials of roughly 71,300 NVIDIA employees.
The attackers stole email addresses and NTLM password hashes, and were subsequently able to crack many of these, after which they made them available to other hacking community members.
As part of the incident, the hackers also appear to have stolen two expired code signing certificates. According to Rochester Institute of Technology researcher Bill Demirkapi, “Windows still allows them to be used for driver signing purposes.”
Related: NVIDIA Confirms Employee Credentials Stolen in Cyberattack
Related: Insurance Broker Aon Investigating Cyber Incident
Related: Conti Chats Leaked After Ransomware Gang Expresses Support for Russia

More from Ionut Arghire
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- Vulnerability Provided Access to Toyota Supplier Management Network
- Linux Variant of Cl0p Ransomware Emerges
- New York Attorney General Fines Vendor for Illegally Promoting Spyware
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Atlassian Warns of Critical Jira Service Management Vulnerability
Latest News
- Germany Appoints Central Bank IT Chief to Head Cybersecurity
- OpenSSL Ships Patch for High-Severity Flaws
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Vulnerability Provided Access to Toyota Supplier Management Network
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- Linux Variant of Cl0p Ransomware Emerges
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
