NVIDIA GeForce NOW GFN.am Data Breach: What Was Exposed and How to Respond

GFN.am has been described in reporting as an authorized NVIDIA GeForce NOW cloud gaming service provider ^[10]. Reports citing GFN.am’s disclosure say unauthorized database access dated back to March 9, 2026, was discovered on May 2, and was publicly disclosed on May 5 ^[1][10]. Another report describes the incident window as March 20–26 ^[6]. Because those timelines do not match, the exact public breach window should be treated as unresolved unless a user-specific notice says otherwise.

What data may have been exposed

The exposed information reportedly included personal account details such as full names, email addresses, phone numbers, dates of birth, usernames, or GFN.am nicknames ^[1][6]. Some reports also mention membership or account status, and 2FA-related metadata in the claimed data set ^[8][12].

The most important limitation is that available reports say account passwords were not exposed ^[1][6][12]. That lowers the risk of direct password compromise from this incident, but it does not eliminate risk. Names, emails, phone numbers, dates of birth, usernames, and account-status details can still make phishing messages and account-recovery scams more convincing ^[1][6][8].

Who should consider themselves at risk?

NVIDIA’s statement framed the confirmed impact as tied to an Armenia-based partner’s infrastructure, not NVIDIA’s own network ^[5]. At the same time, reports say GFN.am’s GeForce NOW service has also covered Azerbaijan, Georgia, Kazakhstan, Moldova, Ukraine, and Uzbekistan ^[1][12].

The safest test is account path, not just geography. If your GeForce NOW registration, billing, local service access, or account notice points to GFN.am, treat yourself as potentially affected until you receive clear official guidance. Some reports say accounts registered on or before March 9, 2026 were affected and accounts created after that date were not ^[1][10]. Because another report gives a March 20–26 incident window, users should not rely on that cutoff alone ^[6].

What GFN.am users should do now

1. Check official notifications directly. NVIDIA reportedly said impacted users would be notified by GFN.am, and reports also say GFN.am planned to directly notify affected users ^[1][9][12]. Do not click links in unexpected emails, texts, or social messages claiming to offer breach help; go directly to official NVIDIA or GFN.am channels.

2. Reset your GFN.am or GeForce NOW password if you used the GFN.am service. Reports say passwords were not exposed, so this is a precaution rather than proof that your password is public ^[1][6]. It is especially important if the password was reused anywhere else.

3. Remove password reuse on other accounts. If the same password was used for email, gaming, payment, cloud, or social accounts, change those passwords too. Start with the email account tied to GFN.am because email access can be used to reset other services.

4. Enable two-factor authentication where available. Some reports say the claimed data included 2FA status or related metadata ^[8][12]. Turning on 2FA for email, gaming, payment, and cloud accounts reduces the value of stolen personal details and reused passwords.

5. Watch for targeted phishing. Because exposed fields reportedly include names, email addresses, phone numbers, dates of birth, usernames, nicknames, and account details, attackers may be able to personalize fake support messages ^[1][6][8]. Be suspicious of messages about refunds, urgent verification, breach compensation, locked accounts, or password resets.

6. Monitor account activity. Look for unfamiliar logins, password-reset emails, new devices, changed recovery details, and unexpected payment activity. If your phone number was exposed, be extra cautious with verification-code texts, carrier-account messages, or calls asking for identity confirmation ^[6].

What remains unclear

There is no verified public total for the number of affected users in the available sources. ShinyHunters reportedly claimed a large or millions-scale database, but that figure comes from the threat actor’s claim and should not be treated as independently confirmed ^[8].

It is also not clear from the available reporting whether the full claimed data set was sold or widely distributed. Until NVIDIA or GFN.am provides more precise user-level information, affected users should assume exposed personal details could be used for phishing and account-recovery attempts.

Bottom line

The key distinction is that NVIDIA says its own GeForce NOW-operated services were not breached, while systems run by GFN.am, an Armenian GeForce NOW Alliance partner, were the focus of the incident ^[5]. If you used GeForce NOW through GFN.am, secure the account, eliminate password reuse, enable two-factor authentication, and treat any unexpected breach-related message as suspicious.