Nvidia forum hacked, 400,000 user accounts compromised

Nvidia said earlier that it had suspended the Nvidia forums in response to suspicious activity and had immediately begun an investigation. According to that investigation, unauthorized third parties gained access to some user information, including usernames, email addresses, hashed passwords with a random salt value and public-facing "About Me" profile information. Reports now reveal that Nvidia has confirmed the hack and that up to 400,000 of its user accounts were swiped by the hackers. These accounts belonged to users of the Nvidia Forum, Developer Zone and Research Site, and the company has suspended all three.


Nvidia’s web page said earlier, “We are employing additional security measures to minimize the impact of future attacks. All user passwords for our Forums will be reset when the system comes back online. At that time, an email with a temporary password, along with instructions on how to change it, will be sent to the user’s registered email address. As a precautionary measure, we strongly recommend that you change any identical passwords that you may be using elsewhere.”

Reportedly, Nvidia has suspended five of its websites as it investigates the matter. Nvidia has said that it has contacted affected users and will update them if there is more to report from the company's findings on the attack.

The Nvidia forum hack follows the recent LinkedIn and Yahoo! hacks. Earlier, 6.5 million hashed LinkedIn passwords were stolen and subsequently published on unauthorized websites. Lax security at LinkedIn was blamed for the hack. Security experts had pointed out that LinkedIn has neither a Chief Information Officer (CIO) nor a Chief Information Security Officer (CISO) whose job is to monitor breaches. Furthermore, there are no penalties for companies that are responsible for breaches of customers' data. In fact, after the LinkedIn password breach, the company’s stock rose. Moreover, LinkedIn wasn’t a new start-up. It rakes in the moolah by helping companies hire top talent, and it held its initial public offering last year.

Then, hackers belonging to a hacking collective called D33Ds Company retrieved and dumped the login details of more than 400,000 Yahoo! Voice user accounts in plain text. The hackers used a union-based SQL injection attack to extract the information stored in the database. Reporting on the issue, Ars Technica's Dan Goodin wrote that the union-based SQL injection hacking technique used here affects inadequately secured web applications that do not "properly scrutinize text entered into search boxes and other user input fields". He added, "By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information." Earlier, the music website Lastfm.com and the dating website eHarmony were also attacked.
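The flaw Goodin describes, shown as an added example that is not code from the article or from any of the affected sites: a search handler that pastes user text into its SQL string, beside the parameterized form that binds it as data. The table names, sample rows and the input string are all constructed for illustration.

```python
import sqlite3

def build_db():
    # Constructed sample data: one public table, one credentials table.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE posts (title TEXT, author TEXT);
        CREATE TABLE accounts (email TEXT, password TEXT);
        INSERT INTO posts VALUES ('Driver update', 'alice'), ('Forum rules', 'bob');
        INSERT INTO accounts VALUES ('alice@example.test', 'constructed-secret-1'),
                                    ('bob@example.test', 'constructed-secret-2');
    """)
    return db

def search_vulnerable(db, term):
    # Flawed: the search text becomes part of the SQL statement and is parsed as SQL.
    sql = "SELECT title, author FROM posts WHERE title LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()

def search_parameterized(db, term):
    # Hardened: the search text is bound as a value and is never parsed as SQL.
    sql = "SELECT title, author FROM posts WHERE title LIKE ?"
    return db.execute(sql, ("%" + term + "%",)).fetchall()

# Constructed input of the kind a union-based injection sends to a search box.
UNION_INPUT = "zzz' UNION SELECT email, password FROM accounts --"

def leaked_rows(rows):
    # Regression-test helper: rows that originated in the accounts table.
    return [r for r in rows if "@example.test" in str(r[0])]

if __name__ == "__main__":
    db = build_db()
    for fn in (search_vulnerable, search_parameterized):
        rows = fn(db, UNION_INPUT)
        print(fn.__name__, "-> rows from accounts table:", len(leaked_rows(rows)))
```

The same pair of calls works as a regression test: any search path that returns rows from the credentials table for this input is still building SQL by concatenation.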

Published Date: Jul 14, 2012 11:38 am | Updated Date: Jul 14, 2012 11:38 am