By now, even most casual tech industry observers are aware that Nvidia was hacked last week. Nvidia confirmed the attack, stating that it was "aware of a cybersecurity incident which impacted IT resources." The company went on to add that "we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online."
South America-based hacking group Lapsus$ claimed responsibility for the cyberattack and now apparently has leaked the credentials of Nvidia employees online. As confirmed by the Have I Been Pwned monitoring website, credentials for 71,355 employees are accessible. According to the site, the available data includes "over 70k employee email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community."
As part of the #NvidiaLeaks, two code signing certificates have been compromised. Although they have expired, Windows still allows them to be used for driver signing purposes. See the talk I gave at BH/DC for more context on leaked certificates: https://t.co/UWu3AzHc66 pic.twitter.com/gCrol0BxHdMarch 3, 2022
Earlier this week, Lapsus$ reportedly leaked the source code for Deep Learning Super Sampling (DLSS), a competitor for AMD's open-source FidelityFX Super Resolution technology. The hacker group is also asking for $1 million for access to Nvidia's Light Hash Rate (LHR) cryptocurrency mining limiter found on more recent GeForce RTX 30 Series graphics cards. The LHR limiter reduced Ethereum mining performance by roughly 50 percent on these graphics cards, so removing the cap would make them more profitable for miners -- at least until "The Merge" takes place later this year.
