GFN.AM, an authorized NVIDIA GeForce NOW cloud gaming service provider, has disclosed a data breach that exposed personal information of registered users. The company revealed that unauthorized access to its backend database dates back to March 9, 2026, but the incident was only discovered on May 2.
That means attackers may have had access to user records for nearly 54 days before the breach was detected. The company publicly disclosed the incident on May 5.
According to the disclosure, the breach impacts users who registered on or before March 9, 2026. Accounts created after that date were not affected.
Also Read: Best Game Recording Software
The exposed information reportedly includes email addresses, phone numbers linked through mobile operator registrations, dates of birth, usernames, and full names for users who signed in using Google authentication. GFN.AM says passwords were not compromised.
While the absence of password leaks lowers the risk of direct account takeovers, cybersecurity experts often warn that this kind of personal data is still highly valuable to attackers. Email addresses combined with phone numbers and real names can easily be used for phishing attacks, fake support scams, and SIM swapping attempts.
The incident also raises questions about how long the attackers remained undetected inside the system. A gap of nearly two months before discovery suggests the possibility of weak monitoring systems or delayed breach detection mechanisms. The company has not shared technical details about how the attackers gained access. It is still unclear whether the breach happened because of stolen credentials, a database misconfiguration, or an unpatched vulnerability.
The timing is also notable. Cloud gaming platforms are seeing growing adoption, especially as more users shift toward subscription-based gaming services. That growth also makes these services attractive targets for cybercriminals looking to collect large user databases.
Even though this breach did not directly affect NVIDIA’s own infrastructure, the association with GeForce NOW could still impact user trust. Many users may not fully understand the difference between NVIDIA-operated services and regional partners running licensed GeForce NOW platforms. For affected users, the branding connection alone may create confusion and concern.
The company says it has fixed the root cause of the issue and added new security measures to strengthen its systems. However, it has not confirmed whether affected users will receive direct notifications or whether regulators have been informed.
For now, affected users should stay alert for suspicious emails, calls, or text messages pretending to be from gaming services or account providers. Enabling multi-factor authentication on Google accounts and email services is also strongly recommended.
Related Posts
