A data breach at GFN.AM, an authorized NVIDIA GeForce NOW cloud gaming service provider operating under “GFN CLOUD INTERNET SERVICES” LLC, has exposed personal information belonging to registered users.
The company disclosed the incident on May 5, 2026, revealing that unauthorized access to its database occurred as far back as March 9, 2026, nearly two months before discovery.
The breach was first detected on May 2, 2026, leaving a roughly 54-day window during which threat actors may have had access to user records.
GFN.AM confirmed that the unauthorized party gained access to its backend database, allowing sensitive user data to be exfiltrated or viewed by third parties.
Critically, only users registered on or before March 9, 2026, are affected. The incident did not impact accounts created after that date.
NVIDIA Data Breach
According to the official disclosure, the following categories of personal data may have been compromised:
- Email addresses
- Phone numbers, for users who registered via a mobile operator
- Date of birth
- Full name (first and last), for users who authenticated through Google Sign-In
- GFN.AM platform username
The company emphasized that account passwords were not compromised in this incident, reducing the immediate risk of account takeover.
However, the exposed combination of email addresses, phone numbers, and full names poses a significant risk of phishing, SIM swapping, and social engineering targeting affected users.
Following the discovery of the breach, GFN.AM stated it took immediate steps to eliminate the root cause of the unauthorized access. The company has also implemented additional organizational and technical security controls to harden its information systems and reduce the likelihood of a similar incident.
No further technical specifics, such as whether the access involved a compromised credential, an unpatched vulnerability, or a misconfigured database, were disclosed in the public notice.
Security professionals warn that even without password exposure, the leaked data is highly valuable to cybercriminals. Personal identifiers such as full names, phone numbers, and email addresses are routinely used in targeted phishing and credential-stuffing campaigns.
Users who authenticated via Google should review their account activity, as their full names were among the exposed fields.
Users registered on or before March 9, 2026, should take the following precautions:
- Monitor email accounts for unusual login attempts or phishing messages.
- Be cautious of unsolicited calls or SMS messages referencing GFN.AM.
- Enable multi-factor authentication on linked Google and email accounts.
- Consider placing a fraud alert with relevant financial institutions if additional personal data is suspected to be involved.
GFN.AM has not publicly indicated whether affected users will be notified individually or whether regulatory authorities have been informed of the breach.
Cybercriminals now enter through your suppliers instead of your front door – Free Webinar
