The company confirms it was hacked. | Photo credit should read Costfoto/Future Publishing via Getty Images
Nvidia has confirmed that it was hacked — and that the actor behind last week’s “incident” is leaking employee credentials and proprietary information onto the internet. In a statement to PCMag, Bloomberg, and VideoCardz, the company says it became aware of the breach on February 23rd, and that it does “not anticipate any disruption to [its] business or our ability to serve our customers as a result of the incident.”
Hacking group Lapsus$ has claimed responsibility for the attack, and has demanded that Nvidia make its drivers open-source if it doesn’t want more data leaked. Nvidia hasn’t necessarily agreed to those demands; the company says it’s made improvements to its security, notified law enforcement, and is working with cybersecurity experts to respond to the attack.
Lapsus$ claims to have around a terabyte of data from Nvidia, according to PCMag. In a message seen by The Verge, the hackers say the hardware folder alone is 250GB, and contains information on “all recent Nvidia GPUs” including the mysterious RTX 3090 Ti. In an earlier message, the group threatened to leak the files if Nvidia doesn’t remove the limitations on its recent graphics cards that are meant to make them less appealing to cryptominers. Lapsus$ updated its demands today, adding the condition that Nvidia permanently make its GPU drivers completely open-source, and said that the company had until Friday to make a decision.
A message from the hacking group, updating its demands to Nvidia.
After Nvidia confirmed it was looking into an incident, there was speculation that ransomware was involved, and that the attack could be linked to the conflict between Russia and Ukraine. However, Nvidia says there’s no evidence that either of those things are true.
Toby Lewis, Head of Threat Analysis at dark web intelligence firm Darktrace, told The Verge that the alleged hacking group’s “previous targets and near-native use of Spanish and Portuguese in previous ransom notes suggest that [it] operates out of South America.” He also said that the group is “highly secretive,” and that its attack on Nvidia seems to be it taking advantage of the confusion caused by everything going on, rather than it being motivated by connections to the Russian government.