If you guys remember, last week Nvidia sent out an e-mail out to all their forum users letting them know that their forum was hacked and user information had been compromised. In that e-mail, Nvidia told users that while the password information was hacked, all passwords were “hashed passwords with random salt value”. While salted passwords aren’t impossible to crack, they are much more difficult to crack than unhashed passwords so the possibility of hackers actually going in and cracking all nth thousand passwords would be a bit unlikely.
Well, according to a keen eye at TechPowerUp, it seems like Nvidia had been less than truthful. The group of hackers who hacked the Nvidia forums, Apollo, recently pasted a portion of their exploits on PasteBin for public eyes to see and it seems like the passwords had been stored as MD5 hashes and are not in fact salted. While MD5 hashes may have been difficult to crack years ago, large databases of pre-decrypted MD5 hashes and advancements in CUDA accelerated MD5 decryption applications (Yes, using Nvidia graphics cards to crack Nvidia forum passwords. I know…), MD5 hashes are in fact quite easily decrpted nowadays.
Additionally, it seems like Apollo has also shared another fun fact with us as well. They’re claiming that they’ve also compromised the Nvidia store in addition to the forums. Doh! This means that they may have access to even more personally identifiable information such as addresses, phone numbers, and possibly credit cards.
If you haven’t changed your passwords yet, it’s time to do so… Now! While you’re doing that, might as well grab some credit monitoring as well.