Nokia smartphone fortunes may be dwindling these days but this has not deterred intrepid hackers from breaching the forum section of Nokia’s developer website and carting away member email addresses. The Finnish leader in cellphone markets recently revealed this at the site’s forum section which went offline with a somber press release about the incident in place of the forum contents. The developer site which contains the forum, however, remains up.
The press release disclosed an ongoing investigation that revealed unauthorized access to a database table populated by email addresses of forum members. The access apparently exploited a vulnerability in the bulletin board application used in the developer community forum that allowed an external SQL query attack.
The database table contains member records including their email addresses, though less than 7% has birthdates, usernames for ICQ, MSN, Skype, Yahoo and AIM along with homepage URLs in their profiles by choice. Fortunately, there is no sensitive information like credit card details or passwords. This has led Nokia to conclude that no forum member was put at risk and that the only potential fallout is confined most likely to unsolicited emails that members can expect in the coming days. Other Nokia accounts remain untouched. Nevertheless, the Finnish phone giant apologized for the incident.
The date and time when the site was hacked was not disclosed though some reports indicate that it was done last week. Nokia had earlier believed that few records had been accessed but the press release was candid enough to admit that it was significantly larger.
According to Nokia, the vulnerability was immediately addressed and it has taken the developer forum section offline pending further investigation and assessments to site security. It remained down as of Tuesday.
The Nokia developer site hacking is just the latest in a string of hacks of high profile government and corporate websites. It will be remembered that Sony’s PlayStation Network’s online service was hacked last April. It forced Sony to close its networks while rebuilding its online defense systems that took them two and a half months prior to full service resumption.
