ID: IRCNE2011081233
Date: 2011-08-30
According to “ITPRO”, Nokia's developer website has been hit by an SQL injection attack. The Finnish mobile firm warned a significant number of members from the mobile giant’s developer community forum had their details accessed.
The site has been taken down as a precautionary measure. The vulnerability exploited to attack the forum has been addressed, Nokia confirmed.
“During our ongoing investigation of the incident we have discovered that a database table containing developer forum members' email addresses has been accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL Injection attack,” a post on the developer.nokia.com/community discussion forum read at the time of publication.
“Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger.”
As for what data could have been swiped by the intruders, Nokia said email addresses were compromised. For a small proportion of users who chose to include such information in their public profile, birth dates and usernames for Web 2.0 sites including MSN, Skype and Yahoo were accessed.
“They do not contain sensitive information such as passwords or credit card details and so we do not believe the security of forum members’ accounts is at risk. Other Nokia accounts are not affected,” Nokia added.
“We are not aware of any misuse of the accessed data, but we are communicating with affected forum members, though we believe the only potential impact to them may be unsolicited email. Nokia apologises for this incident.”
- 2