GFN.AM Data Breach Exposes Personal Data of GeForce NOW Users Registered Before March 2026

Unauthorized access to GFN.AM’s database exposed emails, phone numbers, and names of users who registered before March 9, 2026. Passwords were not compromised.

Peter Olaleru/3 min/GB

Cybersecurity Editor


Unauthorized access to GFN.AM’s database began on March 9, 2026, and was discovered on May 2, 2026, exposing personal data of users who registered on or before March 9, 2026. Passwords were not compromised, but emails, phone numbers, dates of birth, and names were accessed.

Context

GFN.AM operates as an authorized NVIDIA GeForce NOW cloud‑gaming provider under “GFN CLOUD INTERNET SERVICES” LLC. On May 5, 2026 the company disclosed that an intruder had accessed its backend database, allowing viewing or exfiltration of user records. The breach affected only accounts created before the intrusion start date; later registrations remain unaffected. No evidence suggests that payment information or authentication tokens were taken.

Key Facts

- Intrusion started: March 9, 2026.
- Detection: May 2, 2026 → approximately 54‑day exposure window.
- Public disclosure: May 5, 2026.
- Data exposed: email addresses, phone numbers (for users who signed up via a mobile operator), date of birth, full names (for Google Sign‑In users), and GFN.AM usernames.
- Passwords: not accessed.
- Affected population: users registered on or before March 9, 2026; accounts created after that date were not impacted.

What It Means

The leaked identifiers enable phishing, SIM‑swapping, and social‑engineering attacks, even without password exposure. Users who authenticated via Google should review account activity because their full names were among the exposed fields. Combining email, phone number, and name increases the credibility of fraudulent messages, raising the risk of credential‑stuffing attempts on other services. Affected individuals should monitor for unexpected login attempts, unsolicited calls or SMS referencing GFN.AM, and consider enabling multi‑factor authentication on linked email and Google accounts.

Mitigations

- Force password resets for all accounts and require MFA for administrative and user portals.
- Review database access logs for anomalous queries from internal or external IPs; enable alerts for privilege‑escalation attempts (MITRE ATT&CK T1068).
- Apply the latest security patches to database software and monitor for known vulnerabilities (check vendor advisories for CVEs related to the database version).
- Implement network segmentation to limit lateral movement from compromised credentials.
- Conduct user‑focused awareness campaigns about phishing and SIM‑swap risks.
- Consider placing fraud alerts with financial institutions if additional personal data is suspected to be involved.

What to watch next

Regulators may issue guidance on notification timelines under UK GDPR, and GFN.AM may announce whether affected users will receive individual alerts or credit‑monitoring offers. Ongoing monitoring for follow‑up phishing campaigns targeting the exposed data will be essential.
