NVIDIA Hashes – Courtesy The Apollo Project

July 14, 2012

A few people have asked me if I came across the NVIDIA hashes yet. My answer until about 2 hours ago was … nope. Fortunately, I was getting caught up on Twitter and saw a retweet from @mubix (originally tweeted by @dinosn) pointing to a Pastebin dump. Also thanks to @unlockedwheel for again answering my call and providing the same link. For those that might not be familiar with this whole NVIDIA thing, apparently they discovered (i.e., someone likely reported it to them) a potential breach of their Forums, Developer Zone, and Research sites. This brouhaha all started apparently late Thursday when NVIDIA communicated they were deactivating their forums for security reasons. As the investigation continued, NVIDIA discovered that the bad guys potentially gained access to usernames, hashed passwords, random salts, emails, and other data associated with these forums. Note the “random salts” part … more on that later.

Just skimming the dump, it looks like SQL associated with creating and populating a “users” table from one of the breached services. Among other things, the SQL statements include the usernames as well as the password hash and email associated with each. There’s data for 807 user accounts, and out of this set there are some interesting data points. The hashes associated with the passwords are 32 characters in length, so we are looking at a measly 128 bits. The company had not disclosed the algorithm yet but it most likely looked like SHA-1 (hopefully) or MD5. @unlockedwheel later mentioned the most common password being “nvidia123” and the algorithm being an unsalted MD5. Huh? As previously mentioned, NVIDIA claimed the passwords were hashed using a salt. Well, unless the folks from The Apollo Project tampered with the data, this looks like pretty much a plain old MD5. As an example, “nvidia123” hashes to “b018f55f348b0959333be092ba0b1f41”. Search through the dump for that result and you’ll find it three times.
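The same checks, written as an added example (not code from the original post) that a defender could run against an export of their own user table: narrow the algorithm by digest length, look for hashes shared between accounts, and run a known-answer test with no salt. The rows, usernames and function names are constructed for illustration, and the salted PBKDF2 record is shown only as a contrast.

```python
import hashlib
import os
from collections import Counter

# Hex digest length -> unkeyed hash algorithms that produce it.
HEX_LEN_TO_ALGS = {32: ["md5"], 40: ["sha1"], 64: ["sha256"]}

# Constructed sample rows (username, stored hash); not taken from the dump.
SAMPLE_ROWS = [
    ("user_a", hashlib.md5(b"nvidia123").hexdigest()),
    ("user_b", hashlib.md5(b"correct horse battery").hexdigest()),
    ("user_c", hashlib.md5(b"nvidia123").hexdigest()),
    ("user_d", hashlib.md5(b"Tr0ub4dor&3").hexdigest()),
    ("user_e", hashlib.md5(b"nvidia123").hexdigest()),
]

def candidate_algorithms(hex_digest):
    """Narrow the algorithm by digest length (32 hex chars = 128 bits)."""
    return HEX_LEN_TO_ALGS.get(len(hex_digest), [])

def repeated_hashes(rows):
    """Hashes stored for more than one account. With a random per-user salt,
    two accounts sharing a password would not share a stored value."""
    counts = Counter(stored for _, stored in rows)
    return {stored: n for stored, n in counts.items() if n > 1}

def known_answer_matches(rows, password, alg):
    """Count rows equal to alg(password) with no salt mixed in."""
    digest = hashlib.new(alg, password.encode()).hexdigest()
    return sum(1 for _, stored in rows if stored == digest)

def salted_record(password, iterations=200_000):
    """Contrast: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt.hex(), derived.hex()

if __name__ == "__main__":
    print("candidates:", candidate_algorithms(SAMPLE_ROWS[0][1]))
    print("repeated:", repeated_hashes(SAMPLE_ROWS))
    print("md5 known-answer hits:",
          known_answer_matches(SAMPLE_ROWS, "nvidia123", "md5"))
    print("salted twice:", salted_record("nvidia123"), salted_record("nvidia123"))
```

Any repeated stored value, or any nonzero known-answer count, means the table is not using per-user salts, whatever the public statement says.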

For those that like to say the breach extends to other companies just by the presence of their email addresses, the dump contains 251 Google, 38 Microsoft, 37 Yahoo, and 25 NVIDIA related email addresses. Of course, with all dumps like this there usually is some discussion about the who, what, why, etc. Some of the particularly interesting tidbits included the following:

  • In the opening… “Oh, and nVidia forgot to tell you that shop.nvidia.com has also been compromised.” (note: NVIDIA has since suspended operations of their store as a security precaution; see screenshot below)
  • And in closing … there looks like there’s more to come… “~Partial dump as Pastebin are tards. Will dump rest at lter stage.”

So for all those password crackers out there … here’s the dump (or at least a part of it)! (Note: for some reason we were having problems linking directly to this dump, so we created a bit.ly link instead.)

http://pastebin.c0m/G21ytATD (aka http://bit.ly/nispnvidiadump)

Some other things you might be interested in…

Here’s a screenshot of what you get when visiting the NVIDIA forums… (courtesy VR-Zone.com). You can find the most up to date forums message here.

NVIDIA Forums Warning

Here’s another warning provided to users of the Developer Zone (courtesy CyberCrimesUnit.com). You can find the most up to date developer zone message here.

NVIDIA Developer Zone Warning

As discussed above, The Apollo Project mentioned the NVIDIA store being compromised as well. As expected, NVIDIA took down the store in the meantime. And here’s the most up to date page.

NVIDIA Store Warning

Updates: This post first went out Saturday, July 14th around 6:00 PM but we have been updating it with new information as we’ve learned it. Currently the last update was at 11:30 AM on July 15th.


Enjoy the rest of your weekend … and happy cracking! Today’s post pic is from PCMag.com. See ya!


15 Responses to NVIDIA Hashes – Courtesy The Apollo Project

  1. (@novainfosec) (@novainfosec) on July 14, 2012 at 6:17 pm

    Nvidia hashes have showed up on pastebin. Some discussion and a link to the dump. http://t.co/5j1daz6L

  2. (@novainfosec) (@novainfosec) on July 14, 2012 at 6:48 pm

    #NOVABLOGGER: Nvidia Hashes – Courtesy The Apollo Project http://t.co/5j1daz6L http://t.co/IntXkFbO

  3. (@Nathiet) (@Nathiet) on July 14, 2012 at 7:11 pm

    #NoVABlogger NVIDIA Hashes – Courtesy The Apollo Project http://t.co/N6gtPJ6x

  4. Shrikant Adhikarla (@shrikant86) on July 14, 2012 at 8:05 pm

    Its hash again #nvidia http://t.co/2CDxFQck

  5. dum0k (@dum0k) on July 14, 2012 at 8:15 pm

    NVIDIA Hashes – Courtesy The Apollo Project
    http://t.co/84GlJ0iK

  6. (@PacketknifeToo) (@PacketknifeToo) on July 14, 2012 at 8:42 pm

    NVIDIA Hashes – Courtesy The Apollo Project http://t.co/NvFf3jCl

  7. (@opexxx) (@opexxx) on July 14, 2012 at 9:15 pm

    NVIDIA Hashes – Courtesy The Apollo Project http://t.co/JqJZdLRc

  8. (@CyberSecMatters) (@CyberSecMatters) on July 14, 2012 at 9:46 pm

    A few people have asked me if I came across the NVIDIA hashes yet. My answer until up about 2 hours ago was … no… http://t.co/6u8mfGvE

  9. JL Vega Montesino (@vegamontesino) on July 14, 2012 at 11:23 pm

    NVIDIA Hashes – Courtesy The Apollo Project http://t.co/EG6AU31h via @zite – NVIDIA got hacked.

  10. (@csec) (@csec) on July 15, 2012 at 4:05 am

    NVIDIA Hashes – Courtesy The Apollo Project: [nova#infosecportal.com] A few people have asked me if I came across… http://t.co/iNSOBHOD

  11. (@novainfosec) (@novainfosec) on July 15, 2012 at 11:43 am

    Been updating NVIDIA dump post. Looks like plain old unsalted MD5. Credits to @UnlockedWheel. http://t.co/5j1daz6L

  12. Hacker Yolk (@HackerYolk) on July 15, 2012 at 3:06 pm

    Nvidia Hashes — Courtesy Apollo Project | Dump + now w/ power of unsalted MD5s – http://t.co/OEav3KWw /HN

  13. Tech Delight (@techdelight) on July 15, 2012 at 3:51 pm

    NVIDIA Hashes – Courtesy The Apollo Project … Using unsalted MD5s #technology http://t.co/ufSDzg0V

  14. (@novainfosec) (@novainfosec) on July 15, 2012 at 4:26 pm

    BLOGGED: NVIDIA Hashes Update http://t.co/5j1daz6L //Looks like unsalted MD5 vs their statement of using salts.

  15. (@novainfosec) (@novainfosec) on July 15, 2012 at 11:22 pm

    Appears NVIDIA using unsalted MD5 hash.. From @grecs ‘s Sat post.. http://t.co/5j1daz6L



About Us

Founded in 2008, NoVA Infosec is dedicated to the community of Metro DC-based security professionals and whitehat hackers involved in the government and other regulated verticals. Find out more on our About Us page.