NVIDIA Confirms GeForce NOW Data Breach at Regional Partner GFN.am
NVIDIA has confirmed a data breach involving its GeForce NOW cloud gaming service, which resulted in the exposure of user information managed by an Armenian regional partner.

NVIDIA has confirmed that user data belonging to customers of its GeForce NOW cloud gaming service was exposed in a data breach. The incident, which occurred between March 20 and March 26, was not a result of a compromise within NVIDIA’s own network, but rather originated from the infrastructure of a regional partner, GFN.am, which operates the service in Armenia BleepingComputer.
The breach involved the unauthorized access of sensitive user information managed by the regional partner. According to GFN.am, the exposed data includes full names (for those using Google accounts), email addresses, phone numbers for users registered via mobile operators, dates of birth, and usernames BleepingComputer. The company explicitly stated that no account passwords were compromised during the incident, and users who registered for the service after March 9 remain unaffected BleepingComputer.
The breach came to light after a threat actor using the alias "ShinyHunters" posted claims on a hacker forum, alleging they had stolen millions of records from the GeForce NOW service. The actor offered the database for sale for $100,000 in Bitcoin or Monero and provided samples of the data to substantiate their claims BleepingComputer. However, security analysts believe the individual behind this specific post is an imposter rather than the well-known threat group ShinyHunters BleepingComputer.
NVIDIA emphasized that its own internal systems were not impacted, noting that GeForce NOW Alliance partners often maintain independent authentication systems, regional billing platforms, and localized infrastructure BleepingComputer. While GFN.am is responsible for operations in several other countries—including Azerbaijan, Georgia, Kazakhstan, Moldova, Ukraine, and Uzbekistan—NVIDIA has confirmed that the impact is currently limited to Armenia BleepingComputer.
In response to the incident, NVIDIA is working directly with the partner to support their ongoing investigation and resolution efforts. GFN.am has committed to notifying all impacted users BleepingComputer. As of the latest reports, the threat actor's post on the hacker forum has been removed, though it remains unclear whether the data was sold or if the content was taken down by forum administrators BleepingComputer.
This incident highlights the security risks inherent in third-party partner ecosystems, where regional operators manage their own customer databases and authentication flows. As cloud gaming services continue to expand through regional alliances, the decentralization of user data creates varying levels of security posture across different territories. Organizations and users alike must remain vigilant regarding the security practices of third-party service providers, as these partnerships can serve as an entry point for data exposure even when the primary vendor's core infrastructure remains secure BleepingComputer.