The group behind a recent cyber attack on Nvidia has leaked more sensitive data. After attempts to force Nvidia to open source its graphics drivers failed, the group began leaking more data, this time impacting over 71,000 employees.
The hacking monitoring website Have I Been Pwned has reported the incident, stating that “NVIDIA suffered a data breach that exposed employee credentials and proprietary code”. The leaked credentials include email addresses and NTLM password hashes of 71,355 employees, some of which have already been cracked and are available for hackers to use.
If you're wondering about Nvidia's global workforce being that big, it's because it isn't. Currently, the company employs about 20,000 individuals. So the leak likely contains some outdated employee credentials and some double-ups.
Besides the credentials, security researcher, Bill Demirkapi (via Tom's Hardware), states that LAPSUS$ also leaked two code signing certificates. These certificates expired in 2014 and 2018, but Windows “still allows them to be used for driver signing purposes”.
Discuss on our Facebook page, HERE.
KitGuru says: Unfortunately, this likely won’t be the last leak to come out of this situation as the hackers still claim to have more files to release.