More news has arrived on the hacking front, and this time it appears as though the Nokia developer network has been breached and data has been stolen. The website, located at developer.nokia.com, has since been replaced with a static message informing those of the recent security breach.
During our ongoing investigation of the incident we have discovered that a database table containing developer forum members' email addresses has been accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL Injection attack. Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger.
Nokia state that the database table records accessed include member email addresses and possibly birth dates, homepage URLs and instant messaging account names, but more sensitive data such as passwords or credit card information was not accessed. The Nokia website team believe that the only impact of the breach would be “unsolicited email”, which they apologize for.
No “hacktivist” team, such as Anonymous, has claimed responsibility for this attack at this stage, and it appears as though Nokia are doing their best at keeping collateral damage to a minimum. It is not entirely clear at this stage exactly how many users’ data was accessed, or when the Nokia developer website will re-open, but the team hopes that it will be as soon as possible.