"Our investigation found no impact on NVIDIA-operated services. The issue is limited to systems run by a third-party GeForce NOW Alliance partner based in Armenia," NVIDIA said in a statement to BleepingComputer.
Compromise of a regional partner in Armenia
NVIDIA confirmed that a GeForce NOW user-data exposure stemmed from a compromise of infrastructure operated by a regional partner, not from NVIDIA’s own network. The company said it is working closely with the partner to support their investigation and resolution, and that impacted users will be notified by GFN.am.
GFN.am timeline and the fields the operator says were exposed
GFN.am, the Armenian regional operator for GeForce NOW, posted a confirmation that a cybersecurity incident took place between March 20 and March 26. In its statement the operator said the incident exposed the following information:
- Full name (if using a Google account)
- Email address
- Phone number (if registered through a mobile operator)
- Date of birth
- Username
GFN.am also clarified that no account passwords were exposed in the incident, and that any users who registered to the service after March 9 are not impacted.
Claims by the threat actor using the "ShinyHunters" nickname
Last week a threat actor using the ShinyHunters nickname posted on a hacker forum claiming to have breached the GeForce NOW service and stolen millions of user records. According to that post, the stolen information included full names, email addresses, usernames, dates of birth, membership status, and 2FA/TOTP status. The actor also posted samples of the stolen data and offered the full database for $100,000 to be paid in Bitcoin or Monero.
BleepingComputer reported that the threat actor’s forum post has since been removed; it is unclear whether the database was sold to a buyer or if the seller or forum administrators deleted the listing.
Geographic footprint and potential regional implications
GFN.am operates as NVIDIA’s regional GeForce NOW operator in Armenia. NVIDIA’s help page, cited in the reporting, lists GFN.am as also responsible for managing GeForce NOW operations in Azerbaijan, Georgia, Kazakhstan, Moldova, Ukraine, and Uzbekistan. NVIDIA and GFN.am have said the issue is limited to the partner’s systems in Armenia; no impact on those other countries has been confirmed.
What this means for GFN.am users, NVIDIA, and regional operators
- GFN.am users: Those who registered on or before March 9 and who used Google account sign-in or registered a phone number through a mobile operator should watch for direct notifications from GFN.am and verify email and phone-security settings; GFN.am has said it will notify impacted users.
- NVIDIA: The company characterized the incident as isolated to a partner-operated environment, stated that NVIDIA-operated services were not impacted, and said it is supporting the partner’s investigation and resolution efforts.
- Regional operators and alliance partners: The incident highlights that Alliance partner environments can run independent authentication systems, local customer databases, regional billing platforms, and locally managed infrastructure—areas operators will need to review and secure in coordination with platform owners.
The public record from NVIDIA and GFN.am establishes a narrow but concrete chain of facts: a March 20–26 compromise at partner-operated systems in Armenia, confirmed exposure of names, emails, dates of birth, usernames and some phone numbers, and a separate claim by a threat actor that additional fields and millions of records were taken and offered for sale. NVIDIA and the operator are treating the matter as a partner-level incident and say notifications and investigations are underway; the hacker forum posting has been removed and its outcome remains unknown.
Link to original reporting: https://www.bleepingcomputer.com/news/security/nvidia-confirms-geforce-now-data-breach-affecting-armenian-users/




