Phone giant has temporarily shut down developer site after member details were hacked.
The details of Nokia software developers compromised from a database containing email addresses and other personal details include either birth dates, homepage URLs or usernames for AIM, ICQ, MSN, Skype or Yahoo accounts, although these additional details will only affect a minority of account holders, the developer website has just revealed.
While the Finnish phone giant originally believed only a minority of accounts were hacked, it now says the numbers affected are “significantly larger” than anticipated, blaming a software vulnerability.
On August 22, Nokia identified a security breach on an externally maintained developer website, thought to be the work of an India-based hacker known as “pr0tect0r AKA mrNRG,” who sought to humiliate the phone maker by defacing the site with images of Homer Simpson and left this message on the site:
“LOL, Worlds number 1 mobile company but not spending a dime for a server security! FFS patch your security holes otherwise you will be just another antisec victim. No Dumping, No Leaking!!”
Nokia had said last week that the security vulnerability had been identified.
However, “during our ongoing investigation of the incident we have discovered that a database table containing developer forum members’ email addresses has been accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL Injection attack,” say Nokia’s Developer website team.
“The database table records include members’ email addresses and, for fewer than 7% who chose to include them in their public profile, either birth dates, homepage URL or usernames for AIM, ICQ, MSN, Skype or Yahoo.”
However, other ‘sensitive’ information such as passwords or credit card details is not affected, Nokia insisted. “We do not believe the security of forum members’ accounts is at risk.”
Other Nokia related user accounts are also unaffected.
“We are not aware of any misuse of the accessed data, but we are communicating with affected forum members, though we believe the only potential impact to them may be unsolicited email.”
The developer community website has been taken offline as a precautionary measure while Nokia investigates, but the company hopes to get the site back online “as soon as possible.”
The Finnish maker has apologised for the incident, although it is not yet clear who is behind the hacking, with Nokia staying schtum so far.
Similar cyber attacks were experienced by gamers on Sony’s PlayStation Network, Nintendo and Sega earlier this year; Anonymous and its offshoot LulzSec were thought to be the culprits.