NVIDIA data breach: 71k employees exposed, weird demands from hackers

NVIDIA was hit by hackers that stole employee credentials and sensitive data related to the company

Hackers have weird demands for the company or code data gets leaked

The US chipmaker giant Nvidia was hit by a breach last month. Now it is confirmed that the data breach exposed the credentials of the 71 000 employees.^[1] The Have I Been Pwned data breach notification service added data of 71 335 compromised accounts to the database. It contains email addresses, NTLM password hashes.

The company confirmed a few days ago that the network was breached^[2] and that the attacker managed to access login information, data, proprietary information related to the company and the employees. The company states that the investigation is still ongoing on this incident. It managed to impact a few systems resulting in the two-day outage.^[3]

The attack was claimed by the Lapsus$ extortion gang. It was done on the same day as the first reports surfaced about this breach. The threat actor group also detailed the incident and revealed that 1TB of data was stolen from Nvidia's network. 20GB of archived data stolen from the system was leaked online, including password hashes of company employees.

One of the most unusual demands ever

Criminals gave the company until Friday or the source code gets released. Extortionists who stole this information from the system delivered the ultimatum for the company. Graphics cards should be allowed to mine cryptocurrencies faster, or the crown-jewel source code gets released.^[4] The group asks to remove the feature known as LHR – Lite Hash Rate.

We decided to help mining and gaming community. We want nvidia to push an update for all 30 series firmware that remove every lhr limitations otherwise we will leak hw folder. If they remove the lhr we will forget about hw folder (it's a big folder). We both know lhr impact mining and gaming.

The ransomware group also demands Nvidia to commit to open sourcing their GPU drivers for Windows, MacOS, Linux devices. The company has until March 5th to meet these demands. If not, data on all recent GPUs, RTX 3090Ti included, gets leaked online.

The company already refused to confirm these demands and whether they will be met or not, and reported that the attack started on February 23rd and that ransomware was not deployed on the machine. However, a good part of sensitive data got exfiltrated.

Data breach incidents remain breaking records

Last year, data breach incidents managed to rise in numbers. The annual report showed a 68% jump last year, which is the highest total number ever.^[5] These numbers show the number of high-profile cybersecurity attacks targeting various organizations from large companies like oil pipelines. These numbers may jump yet again in 2022.

It is believed that this consequence is inevitable because many organizations of all sizes struggle to mitigate cyber-attacks and secure the information and data that those companies hold regarding customers and citizens. Good cyber hygiene is essential, important, and crucial here.

Breaches can expose various information from login details or passwords like with this Nvidia breach, or breach data regarding Social Security numbers, healthcare provider records. Cybercriminals, however, now are focused on more targeted attacks instead of massive data theft.

Ransomware attack involvement in data breaches occurs much more often than before. The particular malware represents 22% of the reported incidents. These threat actors increase their aims at sectors like manufacturing^[6] and utilities since the number of breaches there has doubled in 2021. Cybersecurity might become a bigger issue in 2022.