With the recent DDoS attacks on Sony’s PSN, Microsoft’s Live, and other gaming related network over the holidays, it was discovered just recently that the graphic card company giant Nvidia had just recently had its internal network breached over the holidays. According to a few credible sources, Nvidia’s team has mentioned that the infiltration was directed towards the username and password database.
It seems that the compromise of Nvidia’s network occurred around the first week of December, about a week or so before the other gaming network attacks. It has been reported that Nvidia had filed a privacy notification to the California Office of the Attorney General on the 17th of December that more than 500 Nvidia employee’s accounts were compromised within the first weeks of December. The timing of the attack suggests that the hackers had long pre-meditated the attack as it went under the radar of Nvidia’s system administrators for a few days. According to a statement from Nvidia, the original breach began when a staff member’s system was compromised, the subsequent attacks spread from the employee’s terminal soon after.
This isn’t the first time Nvidia had a security mishap. Back in July of 2012, Nvidia had a very similar breach in which hackers attacked the user names and passwords of it’s employee’s and developers.
The questionable thing of all of this is that these hackers reportedly did NOT go after any of the external users accounts – only the employee users and passwords were stolen in this attack. This means that they weren’t after the abundance of casual user’s credit card info like what most hackers typically aim for. For all we know, the attack might have compromised something more significant while using the employee account theft to cover it up. Maybe it was just a test to see what they could do during the holiday while their guard was down – Time while tell.
What makes it more interesting is that Nvidia is known to use advanced silicon for a slew of supercomputers. Nvidia holds quite a few patents regarding GPU architecture among many other expensive information that could potentially be used against them. In the last few months, Samsung had actually been sued by Nvidia after ripping off at least seven of their core graphics technology patents to use for their next generation Qualcomm chipsets. Again, whether or not this is an attack on a much grander scheme remains unknown.
According the letter Nvidia sent to the Attorney General, their IT people quickly beefed up their security of its entire network within the same week in order to prevent any similar attack to occur in the future.
I’d guess this goes without saying is that if you have a Nvidia related account that is linked to any kind of important info, you should consider changing your passwords A.S.A.P. Either way, it’s an important reminder to change passwords on accounts regularly even if they’re not frequently used.
For more info on the recent Nvidia user/pass breach statement, check out https://oag.ca.gov/system/files/Notice,%2012-17-2014_0.pdf