Nvidia has never disputed being hacked. The GPU behemoth didn’t say much about what had transpired, either.
However, as we wait to see if the hackers follow through on their threat to dump hundreds of gigabytes of proprietary Nvidia data on the web by an unspecified Friday deadline, the compromised email alert website Have I Been Pwned claims that the scope of the hack includes a staggering 71,000 employee emails and hashes that may have allowed the hackers to crack their passwords.
Have I Been Pwned isn’t saying how they got this information, and Nvidia will not confirm or deny that the credentials of 71,000 employees were compromised, nor would it disclose whether it intends to comply with any of the hackers’ demands.
It’s worth noting that Nvidia employs significantly fewer than 71,000 people — its most recent annual report cites 18,975 people in 29 countries — but it’s possible that the hacked email addresses include former employees and aliases for groups of people. (Mailing lists are common in companies that rely significantly on email.) The company’s internal systems, including email, had been “totally hacked,” and a leak of 71,000 employee credentials would fit that description.
Rather than asking for money, the LAPSUS$ hacking group demanded that Nvidia open-source its GPU drivers forever and remove its Ethereum cryptocurrency mining nerf from all Nvidia 30-series GPUs (such as newer variants of the RTX 3080).
But it’s evident that they desire money as well. The hackers have also announced publicly that they will sell a bypass for the crypto nerf for $1 million, and they briefly stated this morning that today’s disclosure would be postponed while they discussed terms with a potential buyer of Nvidia’s source code.
I wouldn’t expect to hear about it anytime soon if Nvidia does pay up, which isn’t unheard of in these data ransom situations. It will not always be in the best interests of either side to say so. However, if Nvidia refuses to pay or comply, and LAPSUS$ has the data it says, things may get interesting.