Forbes received word that NVIDIA's corporate network was breached earlier this month. Bob Worrall, NVIDIA's SVP and CIO, revealed details about the hack in an e-mail to current staff, informing them that their individual information had been compromised. According to the e-mail, the hack occurred during the first week of December and involved employee user accounts and passwords.
The e-mail goes on to say that there's no indication that other data was accessed, and it advises employees to regularly change passwords on both company and personal accounts and to never use the same password for more than one account.
The e-mail seems to suggest that the breach was performed via a phishing e-mail:
Here are the key points summarized:
1. Review bank statements and credit card statements for unauthorized activity
2. Call the police if you think you’re an ID theft victim
3. Be alert to phishing emails
4. “Regularly change your passwords on both company and personal accounts. Avoid using the same password for more than one account”
Points three and four stood out, as this leads me to believe that this was the root of the issue and possibly how the breach was able to transpire: via a phishing email coupled with a reused password. The last point about password reuse is a really important point to drive home. Users are their own worst enemies when it comes to passwords. Many folks use passwords that are simple for them to recall and then, sadly, reuse these on multiple sites. This is a real problem: in the event one site gets breached, like a retailer, the attackers can and will reuse those accounts in an attempt to gain access to other sites such as a bank.