Ransomware hackers breached Nvidia last week and claim to have stolen a terabyte of sensitive data. The attackers have been threatening to release this stolen data if their increasingly bizarre demands are not met.
The hackers originally demanded Nvidia to remove crypto mining limitations from its GPUs but added even more absurd demands recently. Now the hacker group is threatening to release Nvidia’s “closely guarded trade secrets” unless the company makes its hardware drivers open-source.
The hacker group called Lapsus$ has already started leaking data. The data breach monitoring website Have I Been Pwned shows that the hackers have stolen and leaked the credentials of over 71,000 Nvidia employees. This includes email passwords, Windows password hashes, and more.
Nvidia had already confirmed that employee passwords were leaked from the company, but did not mention any countermeasures such as notifying the victims or forcing password resets. Despite the increasing cyber damage, Nvidia has not updated its incident response page since Thursday.
Lapsus$ gave Nvidia until March 4 to decide, which was yesterday. It remains to be seen whether the hackers have actually leaked the company’s “trade secrets” since there have been no updates since then. But we will update this space once there is more info.