Nvidia Investigates Claims Of Online Store Compromise During Spate Of Hacking

The New Acunetix V12 Engine


Just a few days back we posted about Yahoo! Voices Hacked With SQL Injection – Passwords In Plaintext, and most recently it seems someone has been going after Nvidia pretty hard.

They have already had a few web properties hacked including their forum, the developer zone and their research site. The latest break in the news is a claim that the store has been hacked – they have suspended access whilst they investigate.

Graphics chip manufacturer Nvidia is investigating claims that hackers have compromised its online stores as part of a larger attack that affected several of its websites.

On Friday, a hacker group calling itself Team Apollo claimed that one of Nvidia’s online stores was compromised. As a result, the company suspended access to its Board Store and Gear Store websites.

“Nvidia is investigating whether the store sites were hacked,” Bea Longworth, Nvidia’s senior PR manager for EMEAI (Europe, Middle East, Africa, India), said Monday via email. “We don’t have any evidence that credit card data or customer lists have been put at risk, but we’re investigating.”

The news follows confirmed compromises of some of the company’s other websites last week. “Nvidia Forums, Nvidia Developer Zone and Nvidia Research were compromised in what appears to have been a breach by third parties seeking sensitive information,” Longworth said. On Thursday, Nvidia revealed that hackers had gained access to the Nvidia Forums database and stole usernames, email addresses, hashed passwords and user profile information.

We haven’t really discussed Nvidia much before and I dont recall them being a hacking target previously, we’ve only mentioned them in passing when it comes to tools and methods using graphics card chips for brute forcing like – CUDA-Multiforcer – GPU Powered High Performance Multihash Brute Forcer.

I imagine them having a store and carrying out transactions online puts them in the firing range though, when there’s money or credit card details involved – the bad guys will come.


On the same day, the company also took its Developer Zone and Nvidia Research websites offline over suspicions of compromise. Those suspicions were confirmed on Friday, when a hacker posted hashed passwords for a proportion of DevZone users on a public website.

Nvidia was not the only company forced to deal with data leaks that resulted from hacker attacks during the past week.

On Tuesday, the company operating Formspring, a website where users can post and answer questions, disabled its users’ passwords after 420,000 password hashes were posted on a forum. The company later confirmed that someone broke into one of its development servers and stole user account information from a production database.

On Thursday, a hacker group published a list of 450,000 log-in credentials that it claimed to have stolen from the database of an unnamed Yahoo service. Yahoo later confirmed that the log-in credentials were from its Yahoo! Contributor Network service.

Nvidia has taken the other compromised sites down and confirmed they were hacked, I wonder if the threat against the store is just bravado or someone genuinely has compromised it. There seems to be no proof of that at this point however.

There seems to have a been a real glut of these kind of attacks lately, I wonder if there’s a new vulnerability passing around the underground that no-one knows about in a common web language like PHP or in a common service like Apache or the recent MySQL bug.

I wouldn’t be surprised if a lot of these are due to this: MySQL 1 Liner Hack Gives Root Access Without Password.

Source: Network World

Posted in: Exploits/Vulnerabilities, Hacking News


Latest Posts:


BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.


One Response to Nvidia Investigates Claims Of Online Store Compromise During Spate Of Hacking

  1. David Williams July 24, 2012 at 4:47 am #

    Seems having a web presence these days is motivation enough for hackers. Though it does make me wonder why more high profile businesses don’t use products like Barracuda Web Application Firewall to protect their websites from exploits like this. It would seem ratehr cheap insurance just from a PR stand point considering the cost of the fallout of such an event.