Hacking is one of the worst nightmares of a modern tech company, and Nvidia is the latest victim. The information of 71,000 workers is now being held for ransom.
While Nvidia is not giving full details of the hack it has suffered, the hackers are threatening to expose hundreds of gigabytes of the company’s information. The data includes Nvidia’s highly protected trade secrets. It also includes details on the company’s product roadmap, like upcoming graphics chips. Separately, Have I Been Pwned, a website that tracks compromised emails, suggested the data involves 71,000 employees whose passwords have been cracked.
Have I Been Pwned has not disclosed how it got the information, and Nvidia itself won’t reveal the scope of the breach. It is also refraining from discussing whether it will comply with the hackers’ demands. The company does not expect the hack to affect its day-to-day operations and continues to work with cyber security experts and law enforcement agents.
Also, even though Have I Been Pwned is talking about 71,000 employees, Nvidia has far fewer people than that on its payroll. The company disclosed it employed about 19,000 employees worldwide in its last annual report. One possibility is that the emails include past employees and also group emails. However, that would still be a lot of non-personal emails if 71,000 holds true.
The demands by the group of hackers, which identifies itself as LAPSUS$, are virtually impossible to meet. The group wants Nvidia to open source its GPU drivers forever and remove its Ethereum cryptocurrency mining nerf from all Nvidia 30-series GPUs.
LAPSUS$ also wants some money, as it has announced it will sell a workaround for the crypto nerf for $1 million. The group also announced that the promised leak could be delayed due to negotiations with a potential buyer of Nvidia’s source code.
Nvidia’s silence on the hack does not mean it is doing nothing. It is not unusual for victims of such hacks to pay a ransom, although the transaction may not be publicized.
Reproduced below is Nvidia’s latest statement on the hack:
“On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.
“We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.
“Security is a continuous process that we take very seriously at NVIDIA – and we invest in the protection and quality of our code and products daily.”