NVIDIA yesterday announced that it has suspended operations of its NVIDIA Developer Zone and NVIDIA Forums following cyber attacks that may have resulted in the exposure of user names, e-mail addresses, hashed passwords and profile information.
"Nvidia was quick to state that while it had not stored users' password in the clear, the hackers did get hold of hashed passwords with a random salt value," writes Reg Hardware's Tony Smith. "When the forums come back up -- Nvidia couldn't say when this will take place beyond a general 'as soon as possible' -- all user passwords will be automatically reset. It will email users to prompt them to change their new, freshly assigned password."
"We are investigating this matter and working around the clock to ensure that secure operations can be restored," the company said in a statement. "As a precautionary measure, we strongly recommend that you change any identical passwords that you may be using elsewhere."
"Password re-use is a big problem -- with an alarming number of people using the same password on multiple sites," writes Sophos' Graham Cluley. "The consequences of that lax attitude to security is that if you get hacked in one place, your other online accounts could also be accessed. For instance, if you used the same password on NVIDIA as you did on your web email account -- it would be child's play for hackers to gain access to your personal communications and steal other information about you."
"The likely impact of the breach will be an increase in phishing attacks," writes PCMag.com's Chloe Albanesius. "As a result, if you receive any emails from Nvidia that ask for personal information, don't fall for it. 'Nvidia does not request sensitive information by email. Do not provide personal, financial or sensitive information (including new passwords) in response to any email purporting to be sent by an Nvidia employee or representative,' the company said."