A significant data breach has hit GFN.AM, an authorized provider for the NVIDIA GeForce NOW cloud gaming service. Operating under “GFN CLOUD INTERNET SERVICES” LLC, the company officially disclosed the incident on May 5, 2026, after discovering that unauthorized actors had gained access to their backend systems.
The timeline of the breach is particularly concerning. While the intrusion was detected on May 2, investigators found that the initial unauthorized access occurred on March 9, 2026. This left a 54-day window where threat actors potentially had unfettered access to the service’s user database.
Who is Affected?
The scope of the breach is strictly limited by date. GFN.AM has confirmed that only users who registered on or before March 9, 2026, are at risk. If you created your account after this date, your data was not part of the compromised database.
Compromised Data Categories: While GFN.AM emphasized that passwords were not stolen, the following personal identifiers were exposed:
- Email addresses: The primary point of contact for most users.
- Phone numbers: Specifically for those who registered via mobile operators.
- Full Names: First and last names for users who used Google Sign-In.
- Dates of Birth: Used by many services for identity verification.
- Usernames: Individual handles used on the GFN.AM platform.
The Risk: Beyond Account Takeover
Although the lack of password exposure prevents immediate “brute-force” account takeovers, security experts warn that the leaked information is a goldmine for social engineering.
The combination of a user’s real name, phone number, and their interest in gaming allows cybercriminals to craft highly convincing phishing attacks. Attackers may pose as NVIDIA or GFN.AM support to trick users into revealing passwords or financial details. Additionally, users who had their phone numbers exposed face an increased risk of SIM swapping—a technique used to hijack 2FA codes sent via SMS.
Response and Remediation
GFN.AM states it has successfully “eliminated the root cause” of the breach and implemented new technical controls to harden its infrastructure. However, the company has remained silent on the specific nature of the vulnerability—leaving it unclear whether the breach was due to a misconfigured database or a compromised administrative credential.
What You Should Do Now: If you were a registered GFN.AM user prior to March 9, 2026, take these steps immediately:
- Watch for “Spear Phishing”: Be extremely skeptical of any email or SMS that mentions your GeForce NOW account or personal details.
- Audit Google Permissions: If you used Google Sign-In, check your Google Account security settings and review “Third-party apps with account access.”
- Upgrade Your 2FA: Move away from SMS-based two-factor authentication. Switch to an authenticator app (like Authy or Google Authenticator) or a hardware security key.
- Monitor Account Activity: Regularly check for unusual login attempts on your primary email and linked gaming accounts.
