Nokia waves off IntelBroker breach claims, says leaked source code came from a third party application
Notorious threat actor IntelBroker released a cache of stolen data


Nokia has issued a statement claiming leaked source code data published on an underground hacking forum was stolen from a third-party server and poses no threat to Nokia or its customers.
The Finnish telecommunications company downplayed the severity of the incident, claiming no company or customer data was implicated in the leak.
The prominent threat actor IntelBroker listed a “large collection of Nokia source code’ to the notorious BreachForums on 4 November, offering the stolen archive for sale.
It claimed it was able to steal the information from a third-party contractor that had been working closely with Nokia to help develop internal tools.
The compromised data was said to include SSH keys, source code, RSA keys, Bitbucket logins, SMTP accounts, webhooks, and hardcoded credentials.
According to external analysis of the sample data provided by IntelBroker, the leaked data also contained potentially sensitive customer information related to Vodafone Idea, India’s largest telecoms company.
Nokia immediately launched an investigation into the incident, maintaining at the time it was not aware of any malicious activity impacting its systems or data.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
On 7 November, IntelBroker posted on social media stating that it would be publishing the entire collection of stolen data as Nokia refused to acknowledge the breach.
“Since Nokia have denied that they had their data taken from a 3rd party, the data is now freely available to download.”
Nokia says stolen data poses no threat to company or customers
IntelBroker told one outlet it extracted the information after gaining access to a third-party vendor’s SonarQube server using standard credentials, which allowed them to download a series of Python projects belonging to customers including Nokia.
A Nokia spokesperson told ITPro the company’s investigation showed no evidence of its internal systems or data being compromised, confirming the attacker breached a third-party working with Nokia on an application for use on a single customer network.
"Our investigation has found no evidence that our systems or data have been compromised. This is a 3rd party security incident related to a single customized software application used on a single customer network.”
The spokesperson added that the software did not contain any Nokia source code and could not be used maliciously against Nokia or its customers.
“This software was not developed by Nokia, contains no Nokia source code, and cannot be used to negatively impact Nokia or its customers. We continue to closely monitor the situation."
IntelBroker is one of the most prolific threat actors operating on BreachForums, previously listing 80 tranches of stolen data for sale on the forum.
Notable victims who have had their data leaked by the cyber criminal in recent months include Apple, Cisco, Zscaler, Europol, AMD, HSBC, and Barclays.
But questions have been raised over the authenticity of some of these claims with companies frequently claiming the scope of the stolen data possessed by IntelBroker was over exaggerated.
Solomon Klappholz is a former Staff Writer at ITPro adn ChannelPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapers
News While not malicious, the bots can overwhelm web applications in a way similar to bad actors
By Jane McCallion Published
-
Does speech recognition have a future in business tech?
Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
By Jonathan Weinberg Published
-
Nokia subsidiary reveals data breach following Conti ransomware raid
News SAC Wireless notifies current and former employees that their personal information may be at risk
By Rene Millman Published
-
Nokia blackmailed for millions of Euros six years ago
News Criminals who stole source code extorted phone company, according to reports
By Rene Millman Published
-
Hackers breach Nokia developer community
News SQL injection attack forces Nokia to take down a developer community forum.
By Tom Brewster Published
-
Week in Review: Kaspersky hit by hackers, UK hit by spending cuts
News This week, security company Kaspersky gets hit by an anti-virus scam and George Osborne unleashes the spending cuts on the nation.
By Jennifer Scott Published
-
Week in Review: Nokia World and the invisible keyboard
News This week in IT, Nokia World was held in London, HP spent over a billion on a security firm and an invisible keyboard was created.
By Tom Brewster Published
-
Smartphone security survives hacking tournament
News Smartphones are left unhacked, but is that because they are inherently secure, or because security experts don’t know enough about them?
By Asavin Wattanajantra Published
-
Check Point buys up Nokia’s security appliances
News A 12-year collaborative effort ends with Check Point taking over Nokia’s portfolio and making it its own.
By Asavin Wattanajantra Published
-
Week in Review: Apple confuses on security
News This week, Apple's attitude to security confuses, as does the drive to make mobile phones work on underground trains.
By Asavin Wattanajantra Published