A few people have asked me if I came across the NVIDIA hashes yet. My answer up until about 2 hours ago was … nope. Fortunately, I was getting caught up on Twitter and saw a retweet from @mubix (originally tweeted by @dinosn) pointing to a Pastebin dump. Also thanks to @unlockedwheel for again answering my call and providing the same link. For those that might not be familiar with this whole NVIDIA thing, apparently they discovered (i.e., someone likely reported it to them) a potential breach of their Forums, Developer Zone, and Research sites. This brouhaha all started apparently late Thursday when NVIDIA communicated they were deactivating their forums for security reasons. As the investigation continued, NVIDIA discovered that the bad guys potentially gained access to usernames, hashed passwords, random salts, emails, and other data associated with these forums. Note the “random salts” part … more on that later.
Just skimming the dump it looks like SQL associated with creating and populating a “users” table from one of the breached services. Among other things the SQL statements include the usernames as well as the password hash and email associated with each. There’s data for 807 user accounts and out of this set there are some interesting data points. The hashes associated with the passwords are 32 characters in length so we are looking at a measly 128 bits. The company had not disclosed the algorithm yet but it most likely looked like SHA-1 (hopefully) or MD5. @unlockedwheel later mentioned the most common password being “nvidia123” and the algorithm being an unsalted MD5. Huh? As previously mentioned NVIDIA claimed the passwords were hashed using a salt. Well, unless the folks from The Apollo Project tampered with the data, this looks like pretty much a plain old MD5. As an example “nvidia123” hashes to “b018f55f348b0959333be092ba0b1f41”. Search through the dump for that result and you’ll find it three times.
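An added example (not from the original post): the checks the paragraph above applies by eye, written as a storage audit you could run against your own users table. The table layout, account names and the `audit` helper are assumptions, and the sample rows are constructed in the script itself.

```python
import hashlib
import re
from collections import Counter

# Hex length of the stored value -> digest size it is consistent with.
HEX_LEN_TO_SIZE = {32: "MD5-sized (128 bits)",
                   40: "SHA-1-sized (160 bits)",
                   64: "SHA-256-sized (256 bits)"}

# Matches one ('username', 'hexhash', 'email') tuple in an INSERT statement.
ROW_RE = re.compile(r"\(\s*'([^']*)'\s*,\s*'([0-9a-fA-F]+)'\s*,\s*'([^']*)'\s*\)")


def build_sample_dump():
    """Constructed data: hypothetical accounts hashed with plain, unsalted MD5."""
    accounts = [("alice", "nvidia123"), ("bob", "correct horse"),
                ("carol", "nvidia123"), ("dave", "nvidia123")]
    rows = ", ".join(
        "('%s', '%s', '%s@example.com')"
        % (user, hashlib.md5(pw.encode()).hexdigest(), user)
        for user, pw in accounts)
    return "INSERT INTO users (username, password, email) VALUES " + rows + ";"


def audit(dump_sql, known_password):
    """Report signs that password hashes are stored as unsalted MD5."""
    rows = ROW_RE.findall(dump_sql)
    hashes = [h.lower() for _, h, _ in rows]
    counts = Counter(hashes)
    sizes = Counter(HEX_LEN_TO_SIZE.get(len(h), "unknown") for h in hashes)
    # With a random per-user salt, identical passwords produce different
    # hashes, so any repeated value points to missing or shared salt.
    repeated = {h: n for h, n in counts.items() if n > 1}
    # If the bare MD5 of a known password appears verbatim, no salt was mixed in.
    probe = hashlib.md5(known_password.encode()).hexdigest()
    return {"accounts": len(rows),
            "digest_sizes": dict(sizes),
            "repeated_hashes": repeated,
            "unsalted_md5_matches": counts.get(probe, 0)}


if __name__ == "__main__":
    for key, value in audit(build_sample_dump(), "nvidia123").items():
        print(key, "=", value)
```

Any non-empty `repeated_hashes` or non-zero `unsalted_md5_matches` result means the table needs migrating to a salted, deliberately slow password hash.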
For those that like to say the breach extends to other companies just by the presence of their email addresses, the dump contains 251 Google, 38 Microsoft, 37 Yahoo, and 25 NVIDIA related email addresses. Of course with all dumps like this there usually is some discussion about the who, what, why, etc. Some of the particularly interesting tidbits included the following:
- In the opening… “Oh, and nVidia forgot to tell you that shop.nvidia.com has also been compromised.” (note: NVIDIA has since suspended operations of their store as a security precaution; see screenshot below)
- And in closing … there looks like there’s more to come… “~Partial dump as Pastebin are tards. Will dump rest at lter stage.”
So for all those password crackers out there … here’s the dump (or at least a part of it)! (Note for some reason we were having problems linking directly to this dump so we created a bit.ly link instead.)
Some other things you might be interested in…
As discussed above The Apollo Project mentioned the NVIDIA store being compromised as well. As expected NVIDIA took down the store in the meantime. And here’s the most up to date page…
Updates: This post first went out Saturday, July 14th around 6:00 PM but we have been updating it with new information as we’ve learned it. Currently the last update was at 11:30 AM on July 15th.
Enjoy the rest of your weekend … and happy cracking! Today’s post pic is from PCMag.com. See ya!