Nokia developer network site hacked - personal information accessed


Developers of apps for Nokia phones have been warned that their personal information may have been stolen by hackers, after a security breach on the official developer.nokia.com/community discussion forum.

The first warning many Nokia developers would have had that something was amiss came when they visited the forum and, instead of the usual chit-chat about technical issues, were taken to a third-party webpage containing an image of Homer Simpson.

Webpage displayed to users visiting the Nokia Developer Network site

The webpage contained a message seemingly from those responsible for the hack:

Owned by pr0tect0r AKA mrNRG

LOL. Worlds number 1 mobile company but not spending a dime for server security! FFS patch you security holes otherwise you will be just another antisec victim. No Dumping, No Leaking!

According to the Finnish telecoms giant, hackers exploited a SQL injection vulnerability in the forum software used on the Nokia Developers site to access databases containing members' email addresses and (in some cases) birth dates, and usernames for AIM, ICQ, MSN, Skype or Yahoo.

Passwords and credit card information are not believed to have been exposed - which is good news for affected members and must be causing a sigh of relief inside Nokia.

Nokia warns developers

While Nokia investigates further it has taken its developer community website offline as a precaution - a sensible move in my opinion.

Of course, the forum's suspension is of little consolation for those people who were affected by the security breach - they're now going to wonder if they're going to be on the receiving end of spam campaigns, malicious email attacks and phishing expeditions.

If you run a website, make sure you are doing everything to keep it as secure as possible - for both your company's sake and your users'. If you haven't already done so, read this informative paper by SophosLabs, "Securing websites", which covers some of the issues.


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.