According to a post on their forum front page:
NVIDIA suspended operations of the NVIDIA Forums (forums.nvidia.com) last week.
We did this in response to suspicious activity and immediately began an investigation. We apologize that our continuing investigation is taking this long. Know that we are working around the clock to ensure that secure operations can be restored.
Our investigation has identified that unauthorized third parties gained access to some user information, including:
• username
• email address
• hashed passwords with random salt value
• public-facing "About Me" profile information
NVIDIA did not store any passwords in clear text. "About Me" optional profiles could include a user's title, age, birthdate, gender, location, interests, email and website URL - all of which was already publicly accessible.
|
|
About the only minor concern was that any personal information could now be associated with an email address, which it probably could not have prior to the breach.
In addition to asserting that all accounts will have their password changed to a temporary value and that password sent to the registered email address, the Nvidia announcement makes one additional smart suggestion: "As a precautionary measure, we strongly recommend that you change any identical passwords that you may be using elsewhere."
Once the company became aware of the intrusion, it immediately terminated operations for the three forums (Nvidia Forum, Developer Zone and Research Site) for which the accounts were used. In addition, Nvidia terminated two other sub sites; the Nvidia Board Store which sold the company's products and Nvidia Gear Store, which sold corporate-themed merchandise.
The investigation is continuing and the company will not reinstate the five sites until it can be sure that "secure operations can be restored."
