NVIDIA confirmed that personal information belonging to GeForce NOW users in Armenia was exposed after a breach at GFN.am, its regional alliance partner operating the service locally. GFN.am said attackers gained unauthorized access to a backend database between March and late March, with the intrusion reportedly first detected on May 2 and publicly disclosed on May 5. NVIDIA said its own network and NVIDIA-operated services were not affected, and no confirmed impact outside Armenia has been reported.
The exposed data may include names, email addresses, phone numbers, dates of birth, and platform usernames, including full names for some users who signed in with Google and phone numbers for some who registered through a mobile operator. GFN.am said passwords were not compromised, but the breach followed claims by ShinyHunters, which allegedly advertised millions of GeForce NOW records for sale for $100,000 in cryptocurrency on a hacker forum. The company said it has fixed the root cause and added security controls, while affected users face heightened risks of phishing, SIM-swapping, and other social-engineering attacks.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
6 events from the most recent confirmed update back to the earliest known activity.
On 2026-05-08, NVIDIA confirmed that user information was exposed in a breach affecting GFN.am-operated systems in Armenia, while stating NVIDIA-operated services and its own network were not impacted. NVIDIA said impacted users would be notified by GFN.am and no confirmed impact beyond Armenia had been reported.
Following the disclosure, threat actor ShinyHunters allegedly posted on a hacker forum claiming to have stolen millions of GeForce NOW records and offered the database for sale for $100,000 in Bitcoin or Monero.
On 2026-05-05, GFN.am disclosed a breach involving unauthorized access to its backend database and said passwords were not compromised. The company also said it remediated the root cause and implemented additional organizational and technical security controls.
GFN.am said it first detected the unauthorized access on 2026-05-02 after an exposure window of roughly 54 days.
NVIDIA later described the breach as affecting systems operated by its Armenian alliance partner GFN.am between 2026-03-20 and 2026-03-26. Exposed data included names, email addresses, phone numbers in some cases, dates of birth, and usernames.
GFN.am said an intrusion affecting its backend database started on 2026-03-09, creating a period during which GeForce NOW Armenia user data may have been accessed or exfiltrated.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
5 references tracked. Mallory keeps watching after this page renders.
scworld.com
Open sourcecybersecuritynews.com
Open sourcebleepingcomputer.com
Open sourcegfn.am
Open sourcegfn.am
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.