ShinyHunters is at it again. The threat actor group responsible for some of the largest data heists of the past few years is now claiming it broke into NVIDIA’s GeForce NOW cloud gaming platform and walked away with a database containing personal information on millions of users. The listing appeared this week on a well-known cybercrime forum.
NVIDIA hasn’t confirmed anything. ShinyHunters, for its part, has posted sample records to back the claim up, and the timing tracks: the group has been linked to several major attacks in early 2026, most of them exploiting social engineering or misconfigured cloud environments.
TL;DR: The GeForce NOW Data Leak
- Who: ShinyHunters is claiming responsibility.
- What: A database allegedly containing millions of GeForce NOW user records.
- Exposed Data: Names, verified emails, usernames, dates of birth, membership status, and 2FA/TOTP metadata.
- Status: Unverified by NVIDIA; sample data posted on dark web forums.
- Action Required: Reset your password and watch for phishing attempts.
What’s in the Alleged Leak
According to the forum listing, the stolen dataset is large and specific enough to be genuinely useful for follow-on attacks. ShinyHunters claims it contains:
- Full Names and Usernames: Real identities tied to gaming handles.
- Verified Email Addresses: Ready-made targeting lists for phishing campaigns.
- Dates of Birth: Useful for identity verification and profiling.
- Membership Details: Subscription tiers and account age.
- 2FA / TOTP Status: Flags showing which accounts have two-factor authentication turned on.
- Internal Account Metadata: Roles and attributes from NVIDIA’s internal systems.
Why the 2FA Data Is the Part Worth Worrying About
Most breaches give attackers email addresses. This one allegedly tells them which accounts aren’t well-protected which is a different problem. Rather than trying accounts at random, someone working from this data could go straight for the ones most likely to fold under a credential stuffing attempt.
Layer verified names and emails on top of that, and you have everything needed to send a convincing fake message from “NVIDIA Support.” The gaming community already gets hit hard by voice phishing and SMS scams. This kind of data makes those attacks cheaper to run and easier to personalize.
ShinyHunters’ Track Record
This group is not an unknown quantity. ShinyHunters built its reputation on massive breaches at Tokopedia and Wattpad, and has more recently surfaced in claims involving ADT and Microsoft-adjacent environments. Their playbook tends to go one of two ways: auction the data to the highest bidder, or use it as leverage. Security researchers who follow the group say they typically get in through compromised employee SSO credentials or cloud storage that was never locked down properly.
What You Should Do Right Now
NVIDIA hasn’t verified the breach yet, but that’s not a reason to wait.
- Change Your Password: If you reuse your GeForce NOW password anywhere else – Steam, Epic Games, your email – change all of them. Every account gets its own password.
- Check Your MFA Setup: No multi-factor authentication? Turn it on. Already using SMS-based 2FA? Think about switching to an authenticator app or a FIDO2 hardware key. SMS is better than nothing, but it’s the weakest option.
- Don’t Fall for the Follow-up: NVIDIA will not ask for your password or 2FA code by phone or unsolicited email. If someone does, it’s a scam.
- Keep an Eye on Your Email: Check Have I Been Pwned over the next few weeks. If your address turns up in a newly cataloged leak, you’ll want to know early.
FAQs
Is the breach confirmed? No. As of now, this is ShinyHunters’ claim. NVIDIA is almost certainly looking into the samples posted on the forum but has not issued a public statement.
What if my data is in it? Change your password first, then lock down your email account with 2FA. Attackers routinely use gaming credentials as a steppingstone to more sensitive accounts – email especially.
Does this affect saved games or payment info? Nothing in ShinyHunters’ current claims mentions credit card numbers or payment data. The focus appears to be on user PII and account metadata.
This story will be updated when NVIDIA responds.
