Cyber·Monitoring
Shai-Hulud Supply-Chain Attack Trojanizes 19 PyPI Packages
PyPI repository (global online service)· Global4 Jun
5 reportsPROPCYCAS
MediumAI Refreshed
ClosedLow impactAI Generated
NVIDIA GeForce NOW Data Breach – Armenian Regional Partner Compromised – March 2026
Occurred 20 Mar 2026·Detected 10 May 2026·
🇦🇲 Armenia; GFN.am infrastructure operated by NVIDIA's regional GeForce NOW Alliance partner1 reportEnded 10 May 2026
CyberCyberCasualty & Liability
NVIDIA has confirmed a data breach affecting GeForce NOW users in Armenia, caused by a compromise of infrastructure operated by GFN.am, the regional partner responsible for running the GeForce NOW service in Armenia. The breach occurred between 20–26 March 2026 and exposed personal data including full names, email addresses, phone numbers, dates of birth, and usernames. A threat actor using the ShinyHunters nickname claimed responsibility and offered the alleged database for $100,000 in cryptocurrency, though this actor is believed to be an impersonator. NVIDIA states its own network was not impacted.
AI-generated from linked source reports. See our correction policy.
Impact verdict
Low impact. The breach is geographically limited to Armenia via a third-party regional partner, with NVIDIA's core infrastructure unaffected. Exposed data does not include passwords or payment information, reducing the severity of potential downstream harm, though liability and notification obligations may arise.
View assessment methodologyHow we grade what we know -- Known · Reported · Uncertain. Methodology →
Intelligence ledger
Each line expands in place to its underlying sourced claim.
Known8 lines
NVIDIA confirmed a data breach affecting GeForce NOW users via a statement to BleepingComputer on 8 May 2026.▾
structured lineknown
No separate sourced-claim record is available for this line yet.
The breach occurred between 20–26 March 2026 at GFN.am, the Armenian regional partner's infrastructure.▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Exposed data includes full names (if Google account used), email addresses, phone numbers (if registered via mobile operator), dates of birth, and usernames.▾
structured lineknown
No separate sourced-claim record is available for this line yet.
No account passwords were exposed.▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Users who registered after 9 March 2026 are not affected.▾
structured lineknown
No separate sourced-claim record is available for this line yet.
NVIDIA's own network and services were not impacted.▾
structured lineknown
No separate sourced-claim record is available for this line yet.
GFN.am published a statement confirming the cybersecurity incident.▾
structured lineknown
No separate sourced-claim record is available for this line yet.
The threat actor's post on the hacker forum has since been removed.▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Reported3 lines
A threat actor using the ShinyHunters nickname claimed to have stolen millions of user records and offered the database for $100,000 in Bitcoin or Monero.▾
structured linereported
No separate sourced-claim record is available for this line yet.
The threat actor posted sample data on a hacker forum.▾
structured linereported
No separate sourced-claim record is available for this line yet.
GFN.am is also responsible for GeForce NOW operations in Azerbaijan, Georgia, Kazakhstan, Moldova, Ukraine, and Uzbekistan, though no impact on those countries has been confirmed.▾
structured linereported
No separate sourced-claim record is available for this line yet.
Uncertain4 lines
The total number of affected users has not been confirmed.▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
The ShinyHunters actor who posted the breach claim is believed to be an impersonator, not the actual ShinyHunters group.▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
It is unclear whether the stolen database was sold or if the forum post was deleted by the seller or forum administrators.▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Whether users in Azerbaijan, Georgia, Kazakhstan, Moldova, Ukraine, and Uzbekistan were also affected remains unconfirmed.▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Affected countries
🇦🇲 Armenia
Timeline
Status Change7 Jun 2026, 19:51
Lifecycle changed
signal → closed
Closure7 Jun 2026, 19:51
Event Closed
hygiene_sweep_stale
Initial Detection10 May 2026, 22:15
Initial Detection
NVIDIA has confirmed a data breach affecting GeForce NOW users in Armenia, caused by a compromise of infrastructure operated by GFN.am, the regional partner responsible for running the GeForce NOW service in Armenia. The breach occurred between 20–26 March 2026 and exposed personal data including full names, email addresses, phone numbers, dates of birth, and usernames. A threat actor using the ShinyHunters nickname claimed responsibility and offered the alleged database for $100,000 in cryptocurrency, though this actor is believed to be an impersonator. NVIDIA states its own network was not impacted.
Our investigation found no impact on NVIDIA-operated services. The issue is limited to systems run by a third-party GeForce NOW Alliance partner based in Armenia. We are working closely with the partner to support their investigation and resolution. Impacted users will be notified by GFN.am.
Source: BleepingComputer (Trade Media) · View source
Lloyd's classifications
Tracking this kind of risk? Get an email when Cyber events escalate.
Get alerts