New effects of the recent Nvidia hack continue to surface, with the latest reports claiming thousands of employee accounts were affected.
BleepingComputer notes that the Have I Been Pwned? (HIBP) breach website has now listed 71,335 compromised Nvidia accounts as having login credentials and other data taken in the attack.
Wikipedia, as well as Macro Trends, claims Nvidia as approximately 18,000 employees across the world, meaning the effects of the attack could be being felt outside of the company.
RTX 3000 in trouble
The HIBP website, which aggregates all of the data breaches that happen around the world, and offers people a way to check if any of their online accounts had been compromised, said the Nvidia hackers took “email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community.”
Nvidia has confirmed a network breach that had happened last month, in which the attackers obtained a terabyte of sensitive company data from its endpoints. The company described the attack as an “incident” that impacted some of its systems for a total of two days.
International ransomware threat actor LAPSUS$ has taken responsibility for the incident, and have so far offered a tiny glimpse into the data taken.
The group has not made any demands in exchange for the data yet, but have offered a way for RTX 3000 GPU users to rid themselves of the hash rate limiter which limits the card’s Ethereum mining capability to approximately 50%.
The group said to have created, based on the data taken, a tool that can bypass Nvidia’s Lite Hash Rate limiter without “flashing” or updating the firmware on the device. However, it’s hard to know if the tool works, or if it’s just malware.
Furthermore, Lapsus$ allegedly demanded Nvidia to open-source its GPU drivers for Windows, macOS, and Linux devices until Friday, March 4, if they don’t want to have all the stolen information on its recent GPUs, including the RTX 3090Ti, leaked online.
Via: BleepingComputer