Hackers Breach Nokia Developer Forum

Jay Decenella, IT audit expert
August 30, 2011

Finnish telecoms giant Nokia has warned that the personal information of its phone app developers may have been compromised in a security breach on its official developer forum.

Nokia’s investigation of the incident found that a database table containing developer forum members’ email addresses had been accessed by exploiting a vulnerability in the bulletin board software that allowed an SQL injection attack.

The breach emerged after Nokia handed over the $10 million total prize to the winners of the recently held Calling All Innovators competition, which brought together developers from the USA and Finland.

“Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger,” Nokia said in a statement.

Nokia developers trying to visit the forum, with its usual chat about technical issues, would find themselves taken to a third-party Web page containing a picture of Homer Simpson.

Hackers were able to access databases containing members’ email addresses, birth dates, and usernames for AIM, ICQ, MSN, Skype or Yahoo.

“However, they do not contain sensitive information such as passwords or credit card details and so we do not believe the security of forum members’ accounts is at risk,” Nokia said.

Other Nokia accounts are not affected.

Nokia added: “We are not aware of any misuse of the accessed data, but we are communicating with affected forum members, though we believe the only potential impact to them may be unsolicited email. Nokia apologizes for this incident.

“Though the initial vulnerability was addressed immediately, we have now taken the developer community website offline as a precautionary measure, while we conduct further investigations and security assessments. We hope to get the site back online as soon as possible and will post developments here in the meantime.”

“Of course, the forum’s suspension is of little consolation for those people who were affected by the security breach – they’re now going to wonder if they’re going to be on the receiving end of spam campaigns, malicious email attacks and phishing expeditions,” Sophos technology consultant Graham Cluley said.

 
