NVIDIA confirmed a data breach affecting only its Armenian GeForce NOW partner, GFN.am, and said the company’s core, globally managed systems were not compromised. The incident—dated March 20–26, 2026—exposed personal user records held by the regional operator but did not include passwords or payment information, according to the vendor statement.

What happened in Armenia and what was taken

NVIDIA says the breach targeted infrastructure run by its Alliance partner GFN.am between March 20 and 26, 2026. The exposed fields reportedly included full names (for Google-logged users), verified email addresses, phone numbers when provided, usernames, dates of birth, membership status and two‑factor authentication (2FA/TOTP) metadata; no account passwords or payment details were leaked. NVIDIA also noted users who registered after March 9, 2026 appear to be unaffected, which suggests attackers accessed a dated snapshot or backup rather than maintaining live access.

GFN.am runs GeForce NOW in Armenia and also provides service in Azerbaijan, Georgia, Kazakhstan, Moldova, Ukraine and Uzbekistan. As of NVIDIA’s confirmation, there is no verified impact outside Armenia. A threat actor claiming to be “ShinyHunters” posted the database for sale for $100,000 in cryptocurrency before the listing was removed from the forum, leaving open whether the data was sold privately or simply taken down.

Why regional partners change the security equation

Recommended Reading

Pentagon’s AI Surveillance Expansion Reveals Legal Gaps and Ethical Strains on Commercial Data Use

The Pentagon has recently integrated advanced artificial intelligence into its intelligence operations, marking a significant transformation in government surveillance methods. This change is critical now because it alters how surveillance is conducted, potentially bypassing established legal protections. The timing reflects a broader push to enhance national security capabilities amid evolving technological landscapes. This new approach […]

Pentagon’s AI Surveillance Expansion Reveals Legal Gaps and Ethical Strains on Commercial Data Use

The core point here is not a failure of NVIDIA’s central cloud; it is that decentralizing user authentication and customer databases to regional partners materially expands the platform’s attack surface. GFN.am operates its own authentication, billing and customer records independently of NVIDIA’s central platform, meaning security standards, patching cadence and incident detection can vary by partner.

That governance gap creates a practical consequence: an attacker can obtain valuable user records without touching NVIDIA-managed servers. For global services built on alliance networks, risk now depends on the weakest partner’s controls as much as the vendor’s central defenses—an architectural reality NVIDIA acknowledged in its public notice.

What the leaked fields enable and who should worry

Even without passwords or payment data, the record set is useful to attackers. 2FA/TOTP metadata lets bad actors identify accounts with weaker protections; phone numbers and dates of birth ease SIM‑swap and social‑engineering campaigns; verified emails and membership status make phishing efforts more convincing. Those are the concrete pathways from the leak to account takeover or identity fraud.

Next checkpoints and immediate steps for users and operators

Watch for two verified developments: (1) any evidence the stolen dataset was sold or published after the March 20–26 listing; and (2) disclosures from other regional partners or local regulators. NVIDIA’s public confirmation and the dark‑web post removal are the current markers—security teams should expect further updates in the coming days and possibly filings with data protection authorities if customers complain or cross‑border data transfers are implicated.

Practical actions: affected users should be alert for phishing and unsolicited contact, avoid clicking links in unexpected emails, enable or reconfigure 2FA using an authenticator app rather than SMS, and monitor credit or identity services if birth dates and phone numbers were shared. Operators and platform owners that rely on regional partners should inventory which partners hold user credentials, require regular audits, and enforce minimum security baselines to limit these supply‑chain blind spots.

Quick Q&A

Am I affected? If you registered through GFN.am in Armenia before March 9, 2026, your name, email and other personal fields may be in the leak. NVIDIA says users who signed up after March 9 are likely not affected.

Did NVIDIA’s core systems get breached? NVIDIA has stated its central, globally managed GeForce NOW infrastructure was not compromised; the breach was confined to GFN.am’s independent systems.

Should I change my password? Passwords were not part of the published leak, but if you reuse passwords elsewhere, changing them and enabling an authenticator‑based 2FA is prudent.