NVIDIA: We've Been Hacked, User Records Lost
July 13, 2012 6:00 PM
comment(s) - last by
Fortunately passwords appear to have been strongly hashed
NVIDIA Corp. (
) had some bad news to announce late yesterday. The site
the following statement on its Forums page:
NVIDIA suspended operations of the NVIDIA Forums (forums.nvidia.com) last week.
We did this in response to suspicious activity and immediately began an investigation. We apologize that our continuing investigation is taking this long. Know that we are working around the clock to ensure that secure operations can be restored.
Our investigation has identified that unauthorized third parties gained access to some user information, including:
hashed passwords with random salt value
public-facing "About Me" profile information
NVIDIA did not store any passwords in clear text. "About Me" optional profiles could include a user’s title, age, birthdate, gender, location, interests, email and website URL – all of which was already publicly accessible.
NVIDIA is continuing to investigate this matter and is working to restore the Forums as soon as possible. We are employing additional security measures to minimize the impact of future attacks.
All user passwords for our Forums will be reset when the system comes back online. At that time, an email with a temporary password, along with instructions on how to change it, will be sent to the user’s registered email address.
As a precautionary measure, we strongly recommend that you change any identical passwords that you may be using elsewhere.
NVIDIA does not request sensitive information by email. Do not provide personal, financial or sensitive information (including new passwords) in response to any email purporting to be sent by an NVIDIA employee or representative.
), and others likely fell victim to an SQL injection attack. SQL injection attacks exploit the fact that internet user databases are publicly hosted and send them malformed request strings designed to execute disallowed commands. They can be defeated by careful programming, but implementing protections is a time intensive and expensive process, hence many companies have vulnerable databases.
[Image Source: NVIDIA Wallpapers]
NVIDIA Forums is a popular stomping ground both for gaming enthusiasts and for programmers developing GPU applications using
NVIDIA's proprietary CUDA API
The first of two major concerns arising from the NVIDIA attack is the possibility of phishing. Now that an unknown party has users emails, it could send them messages (as the NVIDIA post alludes to), trying to trick them into providing their password in plaintext or other personal details.
The second danger is the possibility that the hashed passwords could be cracked. NVIDIA did not reveal what hashing algorithm it used, but the fact that it used a random salt value indicates that its passwords were likely relatively strongly hashed.
The announcement was actually the second major announcement of a SQL injection breach on Thursday. Earlier, Yahoo! Inc. (
) announced that hackers had
found 453,000 of its user passwords
. Yahoo! was less fortunate than NVIDIA -- baffingly it decided to store its user passwords in plaintext, greatly increasing the potential damage to its users.
This article is over a month old, voting and posting comments is disabled
7/13/2012 7:26:27 PM
I don't want to jump to conclusions, but it's odd that this happened and I received three Viagra spams today. These are the first spam I've received on this account since its creation.
I guess these Viagra spammers are hard at work. They've penetrated nVidia's security. My most secure inbox is now getting reamed. Many other users are going to get screwed as well. Hopefully someone nails these guys.
End Of Line
7/13/2012 8:40:42 PM
Maybe they started using viagra to help with the penetration of security. As long as it doesn't take them more than 4 hours.
7/14/2012 1:21:19 PM
7/16/2012 4:53:37 AM
Spam-Filter? I'm afraid I can't let you do that, Dave.
"Paying an extra $500 for a computer in this environment -- same piece of hardware -- paying $500 more to get a logo on it? I think that's a more challenging proposition for the average person than it used to be." -- Steve Ballmer
Did You Partake in "Black Friday/Thursday"?
Did You Partake in "Black Friday/Thursday"?
I skipped Thanksgiving to get the Black Thursday deals!
I spent Thanksgiving with friends/family, but I lined up at midnight for the deals!
Skip Thanksgiving? Wait in line? No way, but I'll go out today and see what's left.
I prefer Cyber Monday.
I don't do deal shopping... too much stress, it just isn't worth it.
Yahoo Loses 453,000 User Passwords to Hackers
July 12, 2012, 4:45 PM
Nokia is the Victim of SQL Injection, Loses Developer Records
August 29, 2011, 8:37 AM
LulzSec Strikes Again, 1M Sony Pictures User Accounts Compromised
June 2, 2011, 6:27 PM
NVIDIA Names GTX 480, GTX 470 as First GF100 Video Cards
February 2, 2010, 10:35 AM
SanDisk Unveils Pricey iXpand USB 2.0/Lightning Drive to Expand iPhone, iPad Storage
November 13, 2014, 2:29 PM
HP's 15.6" Omen Gaming Laptop is Incredibly Thin, Powerful
November 4, 2014, 10:34 AM
Tim Cook Touts Apple’s Product Portfolio, Performance in Letter to Employees
October 21, 2014, 8:05 AM
Lenovo Once Again The Top Global PC Maker, Apple Takes 50% of PC Profits
October 9, 2014, 7:46 AM
It’s Official: HP to Split Into Two Business Units
October 6, 2014, 8:14 AM
Quick Note: HP Plans to Split PC, Enterprise Units
October 5, 2014, 4:31 PM
Most Popular Articles
Hack of Sony Pictures Indicates Employees Were Pirating Blu-Rays
November 25, 2014, 4:00 PM
Google Caves to Microsoft and Apple's Pet "Patent Troll" Rockstar
November 24, 2014, 3:30 PM
Some High-End Luxury Watchmakers Crack Down Hard on Smartwatch Faces
November 26, 2014, 1:28 AM
Report: Samsung Galaxy S5 Sales Have Come in 40% Below Projections
November 24, 2014, 6:58 AM
Xiaomi Aims to be #1 Smartphone OEM Within 10 Years, Apple Urges Caution
November 21, 2014, 9:33 AM
Latest Blog Posts
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information