NVIDIA Forums Hacked, User Data Compromised
Tarun Raju reports:
Late Thursday, NVIDIA deactivated its user forums (forums.nvidia.com) on the company website, citing security reasons. According to the company, a security breach was discovered (the forums website was hacked). Critical user data may have been compromised (stolen). Even as investigations into the breach are underway, the company ascertained that the hackers gained access to user data such as user names, hashed passwords along with random salt value, e-mail addresses of the users, and contents of the “About Me” field.
The forum passwords, according to NVIDIA, are not stored in plain text, but in a hashed form. Passwords in this form, along with random salt value (a cryptographic component that makes hashing each password unique), were accessed. Along with user names and passwords, the hackers gained access to the registration e-mail addresses of the users. These addresses are typically used by forum software to send administrative messages, and for password recovery.