A recent data breach involving GFN.AM, a licensed provider of NVIDIA GeForce NOW services, has led to the exposure of personal information for its registered users. The company, operating under the name ‘GFN CLOUD INTERNET SERVICES’ LLC, announced the breach on May 5, 2026, noting unauthorized access had occurred nearly two months prior.
Details of the Breach
The intrusion, which happened on March 9, 2026, went undetected for approximately 54 days until it was discovered on May 2, 2026. During this period, unauthorized parties may have accessed user data through the service’s backend database, as confirmed by GFN.AM.
Importantly, only those users who registered on or before the breach date of March 9, 2026, were affected. Accounts created after this date were not involved in the incident.
Exposed Information and Risks
The official notification from the company highlights several categories of potentially compromised data, including email addresses, phone numbers (for users registered via a mobile operator), dates of birth, full names for those using Google Sign-In, and GFN.AM platform usernames.
Despite assurances that user passwords were not exposed, the combination of other personal details poses significant risks, such as phishing attacks, SIM swapping, and social engineering schemes.
Response and Security Measures
In response to the breach, GFN.AM has acted swiftly to address the root cause of the unauthorized access. The company has implemented additional security measures to strengthen its systems and prevent future incidents of this nature.
While the specifics of the breach’s technical aspects, such as potential compromised credentials or system vulnerabilities, were not disclosed, security experts warn that the leaked information remains a valuable asset for cybercriminals.
Affected users, particularly those who authenticated using Google, are advised to monitor account activity closely and take steps to secure their accounts, such as enabling multi-factor authentication and remaining vigilant against phishing attempts.
Recommendations and Future Outlook
Users registered before the breach date should be proactive in monitoring their email accounts for unusual activity, be wary of unsolicited communications, and consider placing fraud alerts with financial institutions if necessary.
As of now, GFN.AM has not confirmed whether individual notifications will be sent to affected users or if regulatory bodies have been informed. The breach underscores the growing trend of cyber threats emerging from third-party service providers, highlighting the need for enhanced cybersecurity measures.
