Even the most casual viewers of the computer world are aware that Nvidia was hacked last week. The hack was confirmed by Nvidia, which said it was “aware of a cybersecurity incident that damaged IT resources.” “We are aware that the threat actor has taken employee credentials and certain NVIDIA sensitive information from our systems and has begun releasing it online,” the company continued.
The cyberattack was claimed by the South American hacking group Lapsus$, which has purportedly released Nvidia employees’ passwords online. Credentials for 71,355 employees are accessible, according to the Have I Been Pwned monitoring website. “Over 70k employee email addresses and NTLM password hashes,” according to the site, “many of which were subsequently cracked and disseminated across the hacking community.”
The number of employee accounts purportedly affected was the first item that attracted our notice. The corporation verified that it employs over 20,000 people worldwide but declined to provide a more precise figure. Former employees, employees with numerous accounts to access internal (and external) services, and others could be among individuals whose credentials were leaked. In addition, according to Have I Been Pwned, numerous Nvidia connections were discovered in the February 2022 breach.
As if gaining access to employees’ credentials wasn’t terrible enough, Lapsus$ also obtained two expired code signing certifications. “Windows still permits them to be utilised for driver signing reasons,” explains researcher Bill Demirkapi.
The source code for Deep Learning Super Sampling (DLSS), a competitor to AMD’s open-source FidelityFX Super Resolution technology, was released earlier this week by Lapsus$.
To access Nvidia’s Light Hash Rate (LHR), cryptocurrency mining limiter found on more recent GeForce RTX 30 Series graphics cards, the hacker organisation is asking for $1 million. The LHR limiter cut Ethereum mining speed on these graphics cards by around 50%, so eliminating it would make them more profitable for miners — at least until “The Merge” later this year.