GFN.AM Data Breach Exposes Personal Information of Early Registered Users
On May 5, 2026, GFN.AM an authorized NVIDIA GeForce NOW cloud gaming service provider under "GFN CLOUD INTERNET SERVICES" LLC disclosed a data breach affecting users registered on or before March 9, 2026. Unauthorized access to the company’s backend database occurred nearly two months prior, with the intrusion detected on May 2, 2026, leaving a 54-day window for potential data exposure.
The breach compromised a range of personal information, including:
- Email addresses
- Phone numbers (for mobile-registered users)
- Dates of birth
- Full names (for users who authenticated via Google Sign-In)
- GFN.AM platform usernames
While passwords were not exposed, the combination of leaked data particularly email addresses, phone numbers, and full names heightens risks of phishing, SIM swapping, and social engineering attacks. Users who signed in via Google are advised to review account activity due to the exposure of their full names.
GFN.AM responded by securing its systems and implementing additional security measures, though the root cause whether a compromised credential, unpatched vulnerability, or misconfiguration remains undisclosed. The company has not confirmed whether affected users will receive individual notifications or if regulatory authorities have been informed.
Security experts warn that the stolen data is valuable for cybercriminals, enabling targeted attacks even without password exposure. The incident underscores the growing threat of supply chain breaches, where third-party providers become entry points for attackers.
Source: https://cybersecuritynews.com/nvidia-data-breach-geforce-users/
GFN Cloud Internet Servies cybersecurity rating report: https://www.rankiteo.com/company/gfn-cis
"id": "GFN1778300632",
"linkid": "gfn-cis",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Users registered on or before '
'March 9, 2026',
'industry': 'Technology/Gaming',
'name': 'GFN.AM (GFN CLOUD INTERNET SERVICES LLC)',
'type': 'Cloud Gaming Service Provider'}],
'customer_advisories': 'Users who signed in via Google are advised to review '
'account activity. All affected users should monitor '
'for phishing and social engineering attacks.',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (PII)',
'type_of_data_compromised': ['Email addresses',
'Phone numbers',
'Dates of birth',
'Full names (Google Sign-In '
'users)',
'GFN.AM usernames']},
'date_detected': '2026-05-02',
'date_publicly_disclosed': '2026-05-05',
'description': 'On May 5, 2026, GFN.AM, an authorized NVIDIA GeForce NOW '
"cloud gaming service provider under 'GFN CLOUD INTERNET "
"SERVICES' LLC, disclosed a data breach affecting users "
'registered on or before March 9, 2026. Unauthorized access to '
'the company’s backend database occurred nearly two months '
'prior, with the intrusion detected on May 2, 2026, leaving a '
'54-day window for potential data exposure. The breach '
'compromised personal information including email addresses, '
'phone numbers, dates of birth, full names (for Google Sign-In '
'users), and GFN.AM platform usernames. While passwords were '
'not exposed, the combination of leaked data heightens risks '
'of phishing, SIM swapping, and social engineering attacks.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data exposure',
'data_compromised': 'Email addresses, phone numbers, dates of '
'birth, full names (Google Sign-In users), '
'GFN.AM usernames',
'identity_theft_risk': 'Heightened risk of phishing, SIM swapping, '
'and social engineering attacks',
'systems_affected': 'Backend database'},
'investigation_status': 'Ongoing (root cause undisclosed)',
'lessons_learned': 'The incident underscores the growing threat of supply '
'chain breaches, where third-party providers become entry '
'points for attackers.',
'post_incident_analysis': {'corrective_actions': 'Additional security '
'measures implemented'},
'recommendations': 'Users are advised to review account activity, especially '
'those who signed in via Google, due to the exposure of '
'full names. Enhanced monitoring for phishing and social '
'engineering attacks is recommended.',
'response': {'containment_measures': 'Systems secured, additional security '
'measures implemented'},
'title': 'GFN.AM Data Breach Exposes Personal Information of Early Registered '
'Users',
'type': 'Data Breach'}