NVIDIA GeForce NOW (GFN.am) — Armenian regional-partner breach

On 8 May 2026 NVIDIA confirmed a data breach affecting Armenian users of its GeForce NOW cloud-gaming service, traced to a compromise of the infrastructure operated by its regional partner GFN.am. Per NVIDIA’s statement, the intrusion took place between 20 and 26 March 2026 and the impact is limited to users registered with GFN.am on or before 9 March 2026. NVIDIA says its own network was not affected and that no passwords or payment data were exposed.

The exposed dataset includes full names (for users authenticating via Google), email addresses, usernames, dates of birth, membership status, 2FA/TOTP status, and phone numbers (for users registered via a mobile operator). The breach was first surfaced by a threat actor using the ShinyHunters nickname who claimed responsibility on a hacker forum, posted samples, and offered the full database for sale at $100,000 in Bitcoin or Monero. NVIDIA’s public assessment is that the persona is likely an impersonator rather than the established ShinyHunters crew — a recurring problem with that brand name in 2026.

The structural read is the same blast-radius story as several other recent incidents in this index: a third-party regional partner running its own infrastructure on behalf of a global brand absorbed the attack, the parent network was unaffected, and the user-side impact was contained to one country. NVIDIA’s containment of the incident to GFN.am-registered users only is a clean illustration of what regional-partner isolation buys when it is done properly.

A deep-dive will follow if the actor is properly identified, if other NVIDIA regional partners are pulled into the same campaign, or if substantive technical detail on the GFN.am infrastructure compromise becomes public.