Nvidia Investigates Claims Of Online Store Compromise During Spate Of Hacking


Just a few days back we posted about Yahoo! Voices Hacked With SQL Injection – Passwords In Plaintext, and most recently it seems someone has been going after Nvidia pretty hard.

They have already had a few web properties hacked including their forum, the developer zone and their research site. The latest break in the news is a claim that the store has been hacked – they have suspended access whilst they investigate.

Graphics chip manufacturer Nvidia is investigating claims that hackers have compromised its online stores as part of a larger attack that affected several of its websites.

On Friday, a hacker group calling itself Team Apollo claimed that one of Nvidia’s online stores was compromised. As a result, the company suspended access to its Board Store and Gear Store websites.

“Nvidia is investigating whether the store sites were hacked,” Bea Longworth, Nvidia’s senior PR manager for EMEAI (Europe, Middle East, Africa, India), said Monday via email. “We don’t have any evidence that credit card data or customer lists have been put at risk, but we’re investigating.”

The news follows confirmed compromises of some of the company’s other websites last week. “Nvidia Forums, Nvidia Developer Zone and Nvidia Research were compromised in what appears to have been a breach by third parties seeking sensitive information,” Longworth said. On Thursday, Nvidia revealed that hackers had gained access to the Nvidia Forums database and stole usernames, email addresses, hashed passwords and user profile information.

We haven’t really discussed Nvidia much before and I dont recall them being a hacking target previously, we’ve only mentioned them in passing when it comes to tools and methods using graphics card chips for brute forcing like – CUDA-Multiforcer – GPU Powered High Performance Multihash Brute Forcer.

I imagine them having a store and carrying out transactions online puts them in the firing range though, when there’s money or credit card details involved – the bad guys will come.


On the same day, the company also took its Developer Zone and Nvidia Research websites offline over suspicions of compromise. Those suspicions were confirmed on Friday, when a hacker posted hashed passwords for a proportion of DevZone users on a public website.

Nvidia was not the only company forced to deal with data leaks that resulted from hacker attacks during the past week.

On Tuesday, the company operating Formspring, a website where users can post and answer questions, disabled its users’ passwords after 420,000 password hashes were posted on a forum. The company later confirmed that someone broke into one of its development servers and stole user account information from a production database.

On Thursday, a hacker group published a list of 450,000 log-in credentials that it claimed to have stolen from the database of an unnamed Yahoo service. Yahoo later confirmed that the log-in credentials were from its Yahoo! Contributor Network service.

Nvidia has taken the other compromised sites down and confirmed they were hacked, I wonder if the threat against the store is just bravado or someone genuinely has compromised it. There seems to be no proof of that at this point however.

There seems to have a been a real glut of these kind of attacks lately, I wonder if there’s a new vulnerability passing around the underground that no-one knows about in a common web language like PHP or in a common service like Apache or the recent MySQL bug.

I wouldn’t be surprised if a lot of these are due to this: MySQL 1 Liner Hack Gives Root Access Without Password.

Source: Network World

Posted in: Exploits/Vulnerabilities, Hacking News


Latest Posts:


APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.


One Response to Nvidia Investigates Claims Of Online Store Compromise During Spate Of Hacking

  1. David Williams July 24, 2012 at 4:47 am #

    Seems having a web presence these days is motivation enough for hackers. Though it does make me wonder why more high profile businesses don’t use products like Barracuda Web Application Firewall to protect their websites from exploits like this. It would seem ratehr cheap insurance just from a PR stand point considering the cost of the fallout of such an event.