The ShinyHunters threat group is claiming to have breached NVIDIA’s GeForce Now platform and is allegedly offering a full user database for sale, containing what they describe as millions of records tied to the cloud gaming service.
The listing surfaced on May 2, with the actor claiming the data was pulled directly from backend systems. The dataset is being marketed for $1000 in cryptocurrency and promoted for use in phishing, account takeover, and other forms of abuse. At time of publication, NVIDIA had not issued any public statement addressing the claim.
Claimed dataset includes identity and account metadata
According to the listing, the alleged database contains detailed user account information spanning both identity data and internal account attributes. The actor claims the dataset includes:
- Full names
- Email addresses
- Usernames and nicknames
- Date of birth data
- Account creation timestamps
- Membership status
- Email verification status
- TOTP and 2FA configuration indicators
- Internal roles and access flags
Samples shared by the actor show structured account records with fields consistent with authentication and profile management systems. While the format appears plausible, there is currently no independent verification confirming the dataset’s authenticity or scale.
Authentication metadata could enable targeted attacks
The inclusion of authentication-related fields such as TOTP status and account roles increases the potential value of the dataset beyond basic contact information. Even without passwords, verified email addresses paired with account metadata can be used to refine phishing campaigns or identify accounts that may lack multi-factor protection.
Internal role indicators may also provide insight into higher-privileged accounts, making them more attractive targets for follow-on attacks. This type of data is often leveraged in credential stuffing campaigns or social engineering operations designed to bypass account protections.
Pattern of ongoing claims across technology platforms
The alleged GeForce Now breach follows a series of recent claims tied to the group targeting technology and cloud-based platforms. These include incidents involving developer tools, SaaS providers, and large-scale user databases.
Recent reporting has also linked ShinyHunters to broader data exposure activity, including an alleged Vimeo data compromise and claims involving internal AI platform data, though verification levels vary across incidents.
The volume and frequency of these claims suggest a sustained campaign of data acquisition and monetization, though not all incidents have resulted in confirmed breaches.
Verification and impact remain unclear
There is currently no confirmation that NVIDIA systems have been compromised or that the dataset being sold is legitimate. The method of access, whether through direct compromise, third-party exposure, or aggregation from other sources, has not been disclosed.
Until independently verified, the claim should be treated with caution. However, the nature of the data described presents credible risk if authentic, particularly given the scale and type of information allegedly involved.
Users of GeForce Now should remain alert for phishing attempts and suspicious account activity, especially emails referencing account verification, login issues, or subscription changes.
