NVIDIA Confirms GeForce NOW Data Breach Affects Armenian Users

NVIDIA has officially confirmed a data breach impacting its GeForce NOW service, exposing personal information for a subset of users in Armenia. The disclosure, made in a statement to BleepingComputer, outlines that an estimated 12,000 Armenian accounts were affected. Exposed data includes email addresses, usernames, bcrypt‑hashed passwords, and active session tokens.

The root cause has been traced to a misconfigured API endpoint within GeForce NOW’s backend. The “userinfo” GET route failed to enforce proper authentication checks, allowing any requester to retrieve user profile details without a valid session. This flaw enabled an attacker to harvest the Armenian user dataset by repeatedly querying the endpoint. Security researchers noted that the misconfiguration was introduced during a routine deployment on 14 February 2024 and remained unpatched until the breach was detected on 3 March 2024.

Upon discovery, NVIDIA immediately invalidated all active sessions for the impacted accounts and forced password resets. Affected users were notified via email and offered a complimentary 12‑month credit‑monitoring service through a third‑party provider. The company also patched the API access control, conducted a comprehensive security audit, and implemented additional monitoring to prevent similar incidents.

Security experts recommend that users change their passwords promptly, enable two‑factor authentication, and be vigilant for phishing attempts that could leverage the exposed email addresses. Organizations using similar cloud‑based services should review API authentication mechanisms and enforce least‑privilege access to reduce the risk of data leakage.