The ‘Have I Been Pwned’ website suggests that the hack includes a massive 71,000 employee emails and hashes that may have allowed the hackers to crack their passwords.
Nvidia did not confirm or deny that 71,000 employee credentials have been compromised, reports The Verge.
However, the graphics chip maker has fewer employees than 71,000 as its last annual report listed 18,975 employees across 29 countries.
It is possible that the compromised email data include prior employees and aliases for groups of employees.
The company has confirmed some of its data was stolen as part of a cyberattack that occurred last week.
“On February 23, 2022, Nvidia became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement,” it said in an earlier statement.
“We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict,” it added.
“However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyse that information,” the company informed.
The LAPSUS$ hacking group has taken credit for the breach.
It stated that it wants Nvidia to open source its GPU drivers forever and remove its Ethereum cryptocurrency mining nerf from all Nvidia 30-series GPUs (such as newer models of the RTX 3080) rather than directly asking for cash.
“But they clearly want cash, too. The hackers have also publicly stated that they’ll sell a bypass for the crypto nerf for $1 million, and this morning, they briefly posted a message suggesting that today’s leak would be delayed while they discussed terms with a would-be buyer of Nvidia’s source code,” the company said.