Nvidia cyber security issue: LAPSUS$ exposes data of 71,000 employees

The data breach at chip maker Nvidia has exposed emails and hashes belonging to at least 71,000 employees.
Nvidia at trade show
The Have I Been Pwned website suggests that the hack includes a massive 71,000 employee emails and hashes that may have allowed the hackers to crack their passwords.

Nvidia did not confirm or deny that 71,000 employee credentials have been compromised, reports The Verge.

The graphics chip maker has fewer employees than 71,000 as its last annual report listed 18,975 employees across 29 countries.

It is possible that the compromised email data include prior employees and aliases for groups of employees.

The company has confirmed some of its data was stolen as part of a cyber attack that occurred last week.

Nvidia said on February 23, 2022 it became aware of a cyber security incident which impacted IT its resources. “After discovering the incident, we hardened our network, engaged cyber security incident response experts, and notified law enforcement,” Nvidia said in an earlier statement.

Nvidia said the threat actor took employee credentials and some NVIDIA proprietary information from systems and has begun leaking it online.

The LAPSUS$ hacking group, which has taken credit for the breach, stated that it wants Nvidia to open source its GPU drivers forever and remove its Ethereum cryptocurrency mining nerf from all Nvidia 30-series GPUs (such as newer models of the RTX 3080) rather than directly asking for cash.

The LAPSUS$ hacking group publicly stated that they’ll sell a bypass for the crypto nerf for $1 million. They briefly posted a message suggesting that leak would be delayed while they discussed terms with a would-be buyer of Nvidia’s source code.