updated 05:39 pm EDT, Fri July 13, 2012
Forum downtime part of ongoing NVIDIA security investigation
Users of NVIDIA's official forums received an explanation for service interruptions that occurred last week. The company reportedly discovered suspicious activity, quickly launching an investigation that determined sensitive information, including user e-mail addresses and passwords, had been taken by hackers. NVIDIA claims that the passwords were hashed with a random salt value and were not stored in clear text, making them fairly unusable.
Other information that was taken during the hacking raid included usernames and public-facing "About Me" profile information, which could be gained through normal viewing of the forums. Around 390,000 accounts were registered on the forums, including 100,000 in the NVIDIA Developers Zone, although it was not disclosed how many accounts were compromised. The announcement page taking the place of the forums states that the investigation will continue, and when the forums are reintroduced, all passwords will be reset. Users will receive a temporary password via e-mail, though the company cautions that affected users should change their passwords elsewhere if they are identical to those taken.
Yesterday, over 400,000 passwords and e-mail combinations from a Yahoo Voices server were posted online, leading critics to blast Yahoo for having lax security. LinkedIn last month suffered a similar fate, having encrypted passwords posted onto Russian hacker sites for its 6.5 million accounts. These, along with other events, certainly emphasize the need for strong user passwords.[via The Verge]