A data breach at GFN.AM — an authorized NVIDIA GeForce NOW cloud gaming service provider operating under “GFN CLOUD INTERNET SERVICES” LLC — has exposed personal information belonging to registered users. The breach, disclosed on May 5, 2026, involved unauthorized access to the company’s backend database as far back as March 9, 2026, leaving a roughly 54-day window during which threat actors had undetected access to user records.
What Data Was Exposed?
According to GFN.AM’s official disclosure, the following categories of personal data may have been compromised for users registered on or before March 9, 2026:
- Email addresses
- Phone numbers — for users who registered via a mobile operator
- Date of birth
- Full name (first and last) — for users who authenticated through Google Sign-In
- GFN.AM platform username
The company emphasized that account passwords were not compromised in this incident, reducing the immediate risk of direct account takeover. However, the exposed combination of email addresses, phone numbers, full names, and dates of birth poses a significant risk of secondary attacks including phishing, SIM swapping, and social engineering campaigns targeting affected users.
Timeline of the Breach
The breach timeline reveals a substantial detection gap:
- March 9, 2026: Unauthorized access to the database begins
- May 2, 2026: GFN.AM detects the breach — 54 days after initial compromise
- May 5, 2026: GFN.AM publicly discloses the incident
Only users registered on or before March 9, 2026, are affected. Accounts created after that date were not impacted by this incident. No further technical specifics — such as whether the access involved a compromised credential, an unpatched vulnerability, or a misconfigured database — were disclosed in the public notice.
Who Is GFN.AM?
GFN.AM is an authorized regional provider of NVIDIA’s GeForce NOW cloud gaming service, operating primarily in Armenia under “GFN CLOUD INTERNET SERVICES” LLC. GeForce NOW allows users to stream PC games from the cloud without requiring high-end local hardware, and has attracted a significant user base across regions where the official NVIDIA service may have limited direct availability.
It is important to note that this breach appears to be limited to GFN.AM’s own infrastructure and does not necessarily indicate any compromise of NVIDIA’s core GeForce NOW platform or user accounts on NVIDIA’s official service.
Response and Remediation
Following the discovery of the breach, GFN.AM stated it took immediate steps to eliminate the root cause of the unauthorized access and has implemented additional organizational and technical security controls to harden its information systems. The company has not publicly indicated whether affected users will be notified individually, or whether regulatory authorities — including those under relevant data protection frameworks — have been formally informed of the incident.
What Affected Users Should Do Now
Users who registered on or before March 9, 2026, should take the following precautions immediately:
- Monitor email accounts for unusual login attempts, password reset requests, or phishing messages referencing GFN.AM or NVIDIA
- Be cautious of unsolicited calls or SMS messages that reference your GFN.AM account, gaming activity, or personal details
- Enable multi-factor authentication on linked Google and email accounts if not already active
- Review Google account activity — since full names were exposed for Google Sign-In users, watch for any suspicious OAuth authorizations
- Consider placing a fraud alert with relevant financial institutions if you believe additional personal data may be involved
- Change passwords for any accounts that share email/username combinations used on GFN.AM, as a precautionary measure
This incident is a reminder that third-party authorized service providers within major technology ecosystems can represent significant security blind spots. Users of cloud gaming platforms and other SaaS services should periodically review which regional providers they have signed up with and ensure those providers maintain adequate security standards.