The threat of a major ransom attack looms over computer chip giant Nvidia. Thousands of its employee passwords have been exposed online by hackers, who now demand ransom in exchange for the passwords. The attack underscores the ongoing cyber security threats facing corporations and the potential of hackers to target vulnerable employees with phishing attacks.
In this report, we discuss what Nvidia is doing to counter this serious breach, who is at risk and how other companies can protect themselves from similar incidents in the future.
Thousands of Nvidia employee passwords leak online as hackers’ ransom deadline looms
In May 2021, after a hacker group released thousands of Nvidia employees’ passwords, Nvidia was put on alert as the hacker’s ransom deadline loomed. Nvidia had become a target for hackers after the company’s success in recent years as a leader in the GPU market.
This article will provide some background information on the attack, and the potential risk it could pose to Nvidia and its employees.
Ransomware attack
A hacker group that calls itself “Phineas Fisher” has been attempting to extort cash from Nvidia by threatening to release the passwords of thousands of their employees if a ransom is not paid. The hackers have reportedly accessed login credentials for over 20,000 Nvidia employees, including executives.
The group claims it downloaded data from the company’s servers, including the passwords of more than 7,000 Nvidia staff members and sensitive financial documents. They are now demanding a large payment in Monero cryptocurrency in exchange for data they possess.
The company says that the ransomware leveraged an automated login-guessing attack on exposed Remote Desktop Protocol (RDP) ports with low security settings. RDP provides remote access over a network; hackers can use it to gain entry into computers and networks without users’ knowledge or consent. Once inside their systems using the stolen account credentials and RDP connections, hackers can launch ransomware attacks against companies and organisations like Nvidia who store sensitive information on their networks.
Nvidia is currently working with law enforcement authorities to contain the security incident and has advised its employees of the ongoing threat posed by hackers exploiting weak or default passwords associated with their accounts. It also encourages everyone to use complex passwords unique to each online service and regularly change them when necessary.
Hackers demand $6 million in ransom
Hackers have demanded a $6 million ransom from Nvidia after thousands of employee passwords were leaked online. According to reports, the passwords were leaked as part of a ‘phishing’ attack, which tricked unsuspecting users into revealing their logins and other confidential data. The hackers are thought to be using powerful software to search for code words and phrases in emails, documents and other communications sent by Nvidia employees.
The hackers reportedly sent a request to Nvidia management on Tuesday demanding payment within 72 hours or more of their confidential information being made public. The company has yet to publicly comment on the incident but is believed to be cooperating with law enforcement in tracing the identity of those responsible.
This is not the first time hackers have targeted Nvidia, although this appears to be the biggest attack. In late 2019, a former employee was arrested for hacks that exposed customer data from several hundred accounts. Still, it pales compared to this latest incident, which has jeopardised hundreds of thousands of logins.
Suppose an agreement between Nvidia and the group behind this attack is not reached by Thursday evening (19th November). In that case, sensitive data could start appearing online including usernames and passwords used at various corporate companies and government institutions worldwide and emails sent by executives at each organisation.
Nvidia Employee Passwords Leak Online
Recent news has reported that many Nvidia employee passwords have been leaked online. This is a major security concern, as it could lead to unauthorised access to confidential data and a potential for serious cyberattacks.
Companies must take the necessary steps to protect their data, as hacks can have far-reaching consequences. So, what can Nvidia do to protect itself and its employees in the future?
Hackers threaten to publish thousands of employee passwords
On February 6, 2021, a hacking group known as Inter McAfee posted a message on Twitter that they had obtained 773GB of files containing information related to NVIDIA customer and employee accounts. This massive data trove includes user profiles, unencrypted passwords, email addresses, chats, and documents. Furthermore, the hackers have threatened to publish the passwords of up to 10,000 NVIDIA employees if their ransom demand is not met by February 12th.
The data breach is believed to have occurred through NVIDIA’s customer-support forum. In addition to customer data and passwords of unidentified users being leaked online, the ransom also claims that some employee usernames and encrypted passwords were included in the leak. While it’s very difficult for someone outside the company to decrypt an encrypted password, hackers could use phishing attacks using these details to target employees with malicious emails designed for stealing more private information such as banking details or credit card numbers.
NVIDIA has released a statement confirming that they are aware of the attack and have secured their forum while they investigate further. They will contact impacted customers directly if they find evidence of attempted unauthorised access while investigating this incident. The company also assured customers and employees that no confidential financial information such as credit card numbers or social security numbers was part of this leak since all sensitive information remains secure in their payment system and other internal databases.
Nvidia employees warned of potential phishing attacks
Nvidia employees have been warned of potential phishing attacks following the leak of thousands of employee passwords online. The hackers responsible for this leak demanded a ransom from Nvidia, threatening to publish the passwords if their demands were not met by an April 15 deadline.
Though the deadline has now passed with no payment received, Nvidia employees must remain vigilant in protecting themselves against any potential attacks from malicious actors leveraging the leaked data. To that end, Nvidia has issued urgent notifications to all its employees warning them to be cautious and aware of any suspicious activity.
In addition to remaining vigilant, some basic security measures should be taken to help protect against fraudulent emails or other malicious requests:
- Employees should change their passwords regularly and use upper and lower case letters, numbers, and symbols.
- Strong two-factor authentication should be enabled on all accounts when possible.
- Keep up-to-date on security concerns related to popular accounts associated with work or personal emails (e.g., Office 365).
- Be wary of unexpected emails containing links and attachments – they might contain malicious content attempting to steal personal information (phishing).
- Be particularly wary if urgent action is requested in unsolicited messages – it’s likely an attempt at fraud (phishing).
- If possible, install anti-virus software and update Windows devices with Microsoft patches regularly.
By taking these steps and remaining alert for potential threats, Nvidia employees can protect themselves from phishing attacks that could use the leaked data to target them.
Security Measures
As news gets out that hackers have potentially stolen thousands of Nvidia employee passwords in a massive phishing attack, it is becoming increasingly important to focus on ensuring the proper security measures are taken to protect employees and their data.
Let’s examine how Nvidia and other companies can protect against future attacks.
Nvidia advises employees to change passwords
Nvidia has urged its employees to change their passwords and other secure information because of a massive data breach that exposed thousands of user passwords online.
On Sunday, security researchers revealed that two hackers had gained access to over 7 million accounts of Nvidia employees in an attempted ransomware attack. In addition, the hackers had attempted to blackmail the company for US$4 million, with a deadline expiring on Monday.
To respond immediately to the cyberattack, Nvidia has taken multiple cyber security measures and asked its staff members worldwide to update their credentials and credentials management processes. In addition, employees have also been asked to update their enterprise account passwords and any passwords they may have used while accessing Nvidia services such as work email accounts or internal networks.
In addition, Nvidia executives have stated that they are conducting additional security reviews on all employee accounts and increasing awareness across the company about cyberattacks by reinforcing safe Internet habits across various platforms.
To ensure employee safety and protect customer information, all companies need to take proactive steps towards updating cybersecurity measures regularly. Along with modifying employee passwords often enough, organisations should also invest in comprehensive security software solutions designed to stop malicious attacks from infiltrating its corporate networks.
Nvidia takes steps to protect employee data
Nvidia, one of the world’s largest semiconductor companies, recently announced that they had taken preventative measures to ensure the security of their employee data following recent reports of an ongoing cyber-attack on their databases. The company released a statement stating that they were aware of the risks posed by hackers and had taken steps to protect company and employee data.
Nvidia has reportedly implemented several security measures to prevent a similar attack in the future, including increasing enforcement of two-factor authentication for employees logging into their systems. Additionally, all employee passwords have been reset as a precautionary measure and employees have been instructed to refrain from clicking suspicious links sent via email or other sources.
Employees have also been advised to use stronger passwords with a combination of uppercase and lowercase letters and at least 8 characters for longer password protection. Nvidia has also implemented regular security reviews and tests with third party technology experts and internal IT staff to identify vulnerabilities before any breach occurs.
While these measures may not be foolproof against future attacks, they are commendable steps being taken by Nvidia in response to a terrifying attack on employee data. The company is taking the necessary steps to protect its most valued asset – its people – while giving them peace of mind that their information is secure.
The importance of multi-factor authentication
Multi-factor authentication (MFA) is an essential security measure for organisations dealing with sensitive customer data, such as Nvidia. It prevents unauthorised access by requiring users to provide two or more pieces of evidence (or “factors”) to gain access. The most common factors are something the user knows (such as a password or PIN), something the user has (such as a security token), and something the user has (such as a biometric identifier). This multi-layered approach greatly reduces the chances of an unauthorised party gaining access to sensitive data.
For Nvidia, MFA would be particularly beneficial in this case, since hackers could gain access to thousands of company usernames and passwords through phishing scams. By harnessing MFA, Nvidia can mitigate this risk, as it requires users to enter additional information beyond what was initially stolen for them to gain access. This makes it much harder for malicious actors to use stolen credentials for nefarious purposes.
In addition, utilising MFA sensors can serve as an added layer of protection from sophisticated cyberattacks by providing real-time notifications when any suspicious activity has been detected and potentially blocking further attempts at infiltration. By implementing MFA at all levels within their organisation, Nvidia will reduce the risk of future attacks while providing peace of mind that the sensitive data they are responsible for remains secure.