Last week, Nvidia announced that it was investigating a possible data breach. Now the company confirms that its systems were compromised and that hackers captured “employee credentials and some NVIDIA proprietary information”.
Nvidia does not specify who they suspect is behind the attack, what the attackers were trying to accomplish, or what type of information was stolen. However, they announced that their operations are running normally and they do not expect any business interruptions.
Nvidia has reported the data breach to authorities, who have advised them not to comply with ransom demands. The company has also strengthened their data security after the attack.
The hacking group known as “LOPSUS$” has claimed responsibility for the hack, announcing last week that they had penetrated Nvidia’s systems and stolen a total of one terabyte of data. The group claims to have had access to Nvidia’s servers for a week. According to the group, the files they got hold of contained information about Nvidia’s crypto-mining limiter, called LHR, the company’s DLSS technology, and plans for future graphics cards.
The group has now started leaking data about upcoming graphics cards, hoping that Nvidia will pay them a ransom to prevent further leaks. They are also threatening to make the proprietary DLSS technology “open source”, as well as to leak the way for removing the mining limiter on Nvidia’s graphics cards.
According to Videocardz, the group may have already started selling information about the mining limiter online, but this has not been confirmed. The group itself writes that they offer to stop publishing certain data if Nvidia removes the LHR limiter themselves and make their drivers available as open-source code.
This could be interpreted as the group not having enough data to break the LHR limiter itself.
In a surprising twist, the hackers reported last week that Nvidia had attempted to hack them back and that they had allegedly succeeded in encrypting the files on the hackers’ computers. However, they also claim that they had already made backup copies of the stolen data.
The group is allegedly demanding payment in cryptocurrency, but there is little indication that Nvidia will comply or contact the group.