Industry - Data Breach
Executive Summary
NVIDIA confirmed that GeForce NOW user data was exposed in a breach affecting Armenian users between March 20-26, caused by a compromise at regional partner GFN.am's infrastructure. The exposed information includes names, email addresses, phone numbers, dates of birth, and usernames, though passwords were not compromised and users who registered after March 9 are unaffected. A threat actor offered the stolen database for $100,000 on hacker forums before the post was removed.
What Happened
Between March 20 and 26, 2026, a cyberattack compromised the infrastructure of GFN.am, NVIDIA's regional partner operating the GeForce NOW cloud gaming service in Armenia. The breach exposed user data including full names, email addresses, phone numbers, dates of birth, and usernames for users who registered before March 9. A threat actor later advertised the stolen database on hacker forums for $100,000 before the post was removed, though NVIDIA confirmed its own corporate network was not impacted.
Who Is Affected
Armenian users of the GeForce NOW service who registered their accounts before March 9, 2026 are affected by the exposure of their personal information. Users who registered after March 9 are not impacted, and account passwords were not compromised in the breach. While GFN.am also manages operations in Azerbaijan, Georgia, Kazakhstan, Moldova, Ukraine, and Uzbekistan, no impact on those countries has been confirmed.
Why It Matters
This incident highlights the privacy risks inherent in third-party partner infrastructure, where regional operators maintain independent authentication systems and customer databases that may have different security standards than the primary service provider. The breach demonstrates how users of globally recognized services can face data exposure through localized infrastructure vulnerabilities, even when the parent company's systems remain secure. The attempted sale of the database on underground forums indicates the data could be used for phishing, identity theft, or account takeover attempts against affected users.
What You Should Do
If you are an Armenian GeForce NOW user who registered before March 9, monitor your email and phone for phishing attempts referencing your gaming account or personal details. Enable multi-factor authentication on your GeForce NOW account and any other accounts using the same email address to prevent unauthorized access. Watch for notification from GFN.am regarding the breach and follow any specific guidance they provide. Consider using unique passwords across different services to limit damage if credentials are compromised in future incidents.
Summary generated from verified sources and reviewed before publication. How we summarize.