ShinyHunters Claims Breach of NVIDIA GeForce NOW User Data During the week of May 2, 2026, the cybercrime group ShinyHunters advertised a purported database of NVIDIA GeForce NOW user records on an undisclosed cybercrime forum. The listing, which included sample records as evidence, claimed the dataset contained highly detailed user information, including full names, usernames, verified email addresses, dates of birth, membership status, subscription tiers, and two-factor authentication (2FA) enrollment flags. ShinyHunters described the 2FA field as metadata indicating which accounts had multi-factor authentication enabled. The group has not disclosed the total number of records, the asking price, or the specific forum hosting the listing. This follows the group’s established pattern of posting stolen data for sale with sample proofs. NVIDIA has not confirmed the breach. As of May 2, 2026, the company’s GeForce NOW status page listed only regional service delays in India and a maintenance notice for Call of Duty HQ, with no mention of a security incident. NVIDIA’s security advisories, including its GitHub-based PSIRT bulletins, also contained no references to a GeForce NOW data breach or ShinyHunters-related activity. ShinyHunters, active since 2019, has claimed responsibility for breaching approximately 100 high-profile companies and 300–400 organizations since September 2025, primarily by exploiting misconfigured Salesforce Experience Cloud guest user access controls. The group employs voice phishing and credential-harvesting tactics, often impersonating IT support to obtain single sign-on (SSO) credentials. In June 2025, law enforcement disrupted part of its operations with arrests in France and a guilty plea by a U.S.-based member. While the authenticity of the claimed breach remains unverified, the incident underscores ongoing risks associated with credential-based attacks and the potential exposure of sensitive user data.

GFN.AM Data Breach Exposes Personal Information of Early Registered Users On May 5, 2026, GFN.AM an authorized NVIDIA GeForce NOW cloud gaming service provider under "GFN CLOUD INTERNET SERVICES" LLC disclosed a data breach affecting users registered on or before March 9, 2026. Unauthorized access to the company’s backend database occurred nearly two months prior, with the intrusion detected on May 2, 2026, leaving a 54-day window for potential data exposure. The breach compromised a range of personal information, including: - Email addresses - Phone numbers (for mobile-registered users) - Dates of birth - Full names (for users who authenticated via Google Sign-In) - GFN.AM platform usernames While passwords were not exposed, the combination of leaked data particularly email addresses, phone numbers, and full names heightens risks of phishing, SIM swapping, and social engineering attacks. Users who signed in via Google are advised to review account activity due to the exposure of their full names. GFN.AM responded by securing its systems and implementing additional security measures, though the root cause whether a compromised credential, unpatched vulnerability, or misconfiguration remains undisclosed. The company has not confirmed whether affected users will receive individual notifications or if regulatory authorities have been informed. Security experts warn that the stolen data is valuable for cybercriminals, enabling targeted attacks even without password exposure. The incident underscores the growing threat of supply chain breaches, where third-party providers become entry points for attackers.