Hacker group Lapsus$ has leaked the credentials of more than 71,000 Nvidia employees after the company did not acquiesce to its demands. The group stole the corporate data during a recent ransomware attack and threatened to release it if Nvidia didn’t remove its cryptocurrency mining limiter (LHR) from its RTX 30-series video cards. Nvidia refused to do so, and the group has since issued another demand and claims it will release even more data if Nvidia doesn’t comply.
Earlier this week, Lapsus$ took credit for the leak of the source code for DLSS and information about six supposed unannounced GPUs. Along with the demand to remove the 30-series mining limiter, the digital ransom note demands that Nvidia make its RTX GPU drivers open source.
The South American hacker group claimed to have had access to Nvidia servers for over a week and managed to steal at least 1TB of data during its ransomware attack. Nvidia confirmed with PC Mag that a “threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online.”
Today’s leak of employee credentials includes employee email addresses and NTLM password hashes, which according to Have I Been Pwned are already being “cracked and circulated within the hacking community.” This seems to include past and current employees, since Nvidia listed its current workforce at 18,100 as of October 2020.
On Tuesday Lapsus$ amended its demands and said Nvidia has until Friday, March 4 to make all current and future GPU drivers open source. If Nvidia doesn’t comply, the group threatens to release information regarding silicon chip files and what it referred to as “closely-guarded trade secrets for graphics and computer chipsets” in a public Telegram message group.
The ‘choice’ the hackers are offering Nvidia reads like a note someone like Kite Man or the Condiment King would leave on the Mayor of Gotham City’s computer screen. At the time of writing, Nvidia has seemingly not met the demands of Lapsus$. Nvidia told PC Gamer in a statement on February 28 that the incident is being investigated and “commercial activities continue uninterrupted.” We reached out to Nvidia for comment again regarding today’s leak and will update when we receive a reply.