After reporting last week that they’re investigating an incident, Nvidia has confirmed that they were hacked and that the threat actor is leaking employee credentials and proprietary information on the internet. Hacking group Lapsus$ took responsibility for the attack and demanded that Nvidia make its drivers open-source if it doesn’t want more data to leak.
In a statement to Bloomberg, the company said that it doesn’t expect any disruptions to commercial capabilities. Additionally, Nvidia has strengthened its cybersecurity, reported the incident to law enforcement and is working with cybersecurity experts to respond to the attack.
The company hasn’t caved into the hackers’ demands yet. Lapsus$ has added that the company has until Friday to accept these demands; otherwise, they’ll leak the silicon, graphics and chipsets file they’ve found during the hack.
Forcing Nvidia’s hand?
According to PCMag, the hacking group claims to have stolen over a terabyte of data from Nvidia, out of which the hardware folder alone accounts for 250GB containing information all recent Nvidia cards, including the RTX 3090Ti.
The group was previously demanding that Nvidia remove all restrictions from its recent cards that make them less efficient for crypto-mining. However, as of March 2, the hackers have updated their demands telling Nvidia to make all their drivers for Windows, Mac and Linux open-source and distribute them under a FOSS license permanently starting right away.
After Nvidia’s confirmation that it was investigating an incident, speculation was that the attack might either be ransomware or somehow related to the Russia-Ukraine conflict. However, the company has declined these claims stating that there’s no evidence to suggest the same.