New details from last week’s hack of technology company Nvidia reveal that login information for over 70,000 employees might have been leaked.
The monitoring website Have I Been Pwned claims that sensitive work data including email addresses and NTLM password hashes of 71,355 employees were made accessible to the hacking community in the cyberattack.
However, Tom’s Hardware noted some discrepancies in the number of employee credentials that were claimed to have been leaked in the hack. Nvidia has confirmed that its current global employee count is only approximately 20,000. The publication suggests that the data might include information from former employees or those who have multiple email accounts connected at work.
The hacking group Lapsus$, based out of South America, claims it orchestrated the hack and Nvidia has also confirmed that its IT resources were compromised. The Santa Clara, California-based company released a statement saying: “We are aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online.”
Upon initial news of the hack and information leak, reports indicated that Lapsus$ had gained access to over 1TB of data from Nvidia, including schematics, drivers, and firmware details.
In particular, the leak appears to have confirmed the existence of the Ada, Hopper, and Blackwell GPU architectures. The Ada architecture might be used for Nvidia’s next-generation GeForce RTX 40-series GPUs.
The publication VideoCardz shared screenshots of Lapsus$ detailing its exploits and also reported that Nvidia attempted a counterattack, but Lapsus$ already had the hacked data encrypted and backed up.
Bloomberg also reported that the hack has not affected Nvidia’s business and commercial activities, while a source familiar with the matter told the publication that the cyberattack “looks to be relatively minor and not fueled by geopolitical tensions.”
