- Nvidia confirmed a GeForce NOW related breach involving regional partner GFN.am.
- Exposed data reportedly includes names, emails, usernames, and phone numbers.
- Nvidia says its own systems and user passwords were not compromised.
- Most global GeForce NOW users are unlikely to be affected by the incident.
Nvidia has confirmed a cybersecurity incident involving GeForce NOW, its cloud gaming platform that allows users to stream high performance PC games across devices. While the news initially raised concerns about a wider compromise, the company says the breach was isolated to infrastructure operated by a regional partner rather than Nvidia’s own systems.
The incident reportedly affected GFN.am, a partner responsible for GeForce NOW operations across Armenia and several neighboring regions including Azerbaijan, Georgia, Kazakhstan, Moldova, Ukraine, and Uzbekistan. According to reports, attackers gained access to customer information during a breach window that lasted from March 20 to March 28, 2026.
The stolen data allegedly includes names, email addresses, usernames, dates of birth, phone numbers, membership details, and two factor authentication status information. A threat actor later advertised the database for sale on an underground hacking forum, demanding $100,000 in cryptocurrency payments.
Despite the alarming claims, Nvidia says its own infrastructure and services were not compromised.
Why most GeForce NOW users are likely safe
For the majority of GeForce NOW subscribers worldwide, the incident appears to carry limited risk. Nvidia emphasized that the breach was restricted to a regional provider and did not impact the broader Nvidia operated platform.
GFN.am also confirmed that passwords were not exposed during the attack. That significantly reduces the chances of immediate account takeovers, especially for users who maintain strong and unique login credentials.
Another important detail is that users who registered after March 9, 2026, were reportedly not affected. While the exact number of impacted customers remains unknown, the scope appears far smaller than initial underground forum claims suggested.
The company is expected to notify affected users directly as investigations continue. Security experts still recommend that potentially impacted users change passwords, enable two factor authentication where possible, and monitor accounts for suspicious activity.
ShinyHunters name adds confusion to the incident
The attacker reportedly used the name ShinyHunters while advertising the stolen data online. That immediately attracted attention because the real ShinyHunters group has been linked to several major data breaches in recent years.
However, reports indicate the actual ShinyHunters group denied involvement and claimed the individual behind the listing was an imposter attempting to exploit the group’s reputation for credibility.
That confusion added another layer of uncertainty around the breach. Shortly after the database listing surfaced online, the forum thread disappeared. There are several possible explanations for its removal.
Some speculate the data may have been privately purchased. Others believe administrators removed the thread after doubts emerged regarding the attacker’s identity. There is also the possibility that negotiations took place behind the scenes to contain the leak.
At this stage, there is no public evidence suggesting Nvidia itself engaged directly with the attackers.
Another reminder of growing gaming platform risks
The GeForce NOW incident highlights a growing challenge facing modern gaming services. Even when core infrastructure remains secure, third party vendors and regional partners can become attractive targets for cybercriminals.
Cloud gaming platforms store large amounts of user information tied to subscriptions, payment systems, and gaming identities. Attackers increasingly target these ecosystems because stolen databases can be resold, used in phishing campaigns, or exploited for credential stuffing attacks.
What makes this case notable is how quickly the breach narrative escalated online before Nvidia clarified the situation. Initial claims suggested millions of records tied directly to Nvidia systems had been exposed. The reality appears more contained, though still serious for affected regional users.
For now, Nvidia says its investigation found no evidence of compromise within Nvidia operated services. Still, the company is working closely with GFN.am to support the ongoing investigation and response efforts.
Users in affected regions should remain cautious and stay alert for suspicious emails or login attempts in the coming weeks.
Follow TechBSB For More Updates
