As Nvidia hacker deadline looms, 71,000 employee accounts have reportedly been exposed

theverge.com:

Nvidia never denied that it got hacked. The GPU giant just didn’t say all that much about what happened, either.

But now — as we wait to see whether the hackers make good on their threat to dump hundreds of gigabytes of proprietary Nvidia data on the web, including details about future graphics chips, by an unspecified Friday deadline — the compromised email alert website Have I Been Pwned suggests that the scope of the hack includes a staggering 71,000 employee emails and hashes that may have allowed the hackers to crack their passwords (via TechCrunch).

It’s not clear how Have I Been Pwned obtained this info, and Nvidia won’t say. Nvidia would not confirm or deny to The Verge whether 71,000 employee credentials have been compromised, and it would not say whether it plans to comply with any of the hackers’ demands.

It is worth noting that Nvidia has far fewer than 71,000 employees — its last annual report lists 18,975 employees across 29 countries, though it’s possible the compromised email addresses include prior employees and aliases for groups of employees. (Companies that rely heavily on email often have a lot of mailing lists.) The Telegraph’s initial report suggested that the company’s internal systems, including email, had been “completely compromised,” and a leak of 71,000 employee credentials would line up with that.

Here is all that Nvidia is actually saying today, via spokesperson Hector Marinez:

On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.

We have no evidence of ransomware being deployed on the NVIDIA