Hackers breach Nokia developer community
SQL injection attack forces Nokia to take down a developer community forum.
Nokia's developer website has been hit by an SQL injection attack.
The Finnish mobile firm warned a significant number of members from the mobile giant's developer community forum had their details accessed.
The site has been taken down as a precautionary measure. The vulnerability exploited to attack the forum has been addressed, Nokia confirmed.
What we think...
Nokia has added to the growing list of tech giants who have been hit by a hack attack this year.
Sony and RSA have already felt the pain of what a data breach means in terms of cost and reputation. Nokia, already in a bedraggled state in the smartphone market, will be hoping the ramifications aren't so serious.
Tom Brewster, Senior Staff Writer
"During our ongoing investigation of the incident we have discovered that a database table containing developer forum members' email addresses has been accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL Injection attack," a post on the developer.nokia.com/community discussion forum read at the time of publication.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger."
As for what data could have been swiped by the intruders, Nokia said email addresses were compromised. For a small proportion of users who chose to include such information in their public profile, birth dates and usernames for Web 2.0 sites including MSN, Skype and Yahoo were accessed.
"They do not contain sensitive information such as passwords or credit card details and so we do not believe the security of forum members' accounts is at risk. Other Nokia accounts are not affected," Nokia added.
"We are not aware of any misuse of the accessed data, but we are communicating with affected forum members, though we believe the only potential impact to them may be unsolicited email. Nokia apologises for this incident."
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.
AI tools are growing in popularity at enterprises, but not all of them are approved by employers – and that’s a serious problem for IT and security leaders
Kyndryl and Nokia extend partnership to drive data center networking gains
“It’s almost like moving from one aircraft carrier to another”: Inside National Trust’s sweeping digital transformation