NVIDIA Forums & Dev Zone Breached; Up To 400K Password Hashes Takenby Ryan Smith on July 14, 2012 6:23 AM EST
- Posted in
In what’s already been a bad week for website security breaches, NVIDIA has announced that they have become the latest victim of hackers looking to steal user credentials. After having taken down a couple of their sub-sites earlier this week due to investigate unusual activity, NVIDIA has discovered that both their Developer Zone and their forums were compromised. Altogether NVIDIA is reporting that an unknown number of accounts among the roughly 400K accounts in their system were compromised, which means it’s safest to assume that all 400K accounts were compromised.
The bad news is that the attackers did get the typical information that most forums store, including:
- email addresses
- hashed passwords with random salt value
- public-facing "About Me" profile information
The relatively good news is that like most forums NVIDIA only stored hashed & salted passwords, so the passwords themselves haven’t been directly compromised. However in the age of GPU computing a hash is only as good as the password behind it, so in the case of bad/weak passwords the attackers can recover those passwords from the stolen hashes without too much effort.
As is common with these types of breaches, NVIDIA is recommending that all users who used the same password elsewhere change their passwords on those sites & services, and to not use the same password in the future. Furthermore with the attackers being in possession of forum usernames and email addresses, users should be on the lookout for phising attacks utilizing that information.