The Nokia developer forum has been taken offline after a breach from malicious hackers, according to the company. During Nokia’s investigation they discovered that the forum database table containing developers’ email addresses and in some cases personal information had been exploited by an SQL injection. The hack is bigger than Nokia had previously thought, leading to the forum’s take-down.
Currently, the Nokia developer forum registers a “404 Not Found” return, meaning that Nokia system administrators have taken the entire forum off their servers. In an email to developers, Nokia stated that “the initial vulnerability was addressed immediately, we have now taken the developer community website offline as a precautionary measure, while we conduct further investigations and security assessments.”
Nokia is not aware of any misuse of the accessed data but notes that email addresses were the primary data lifted from the attack. Other than the loss of the forum and perhaps some unsolicited email and spam, Nokia does not see a large potential impact to the breach.
“The database table records includes members’ email addresses and, for fewer than 7% who chose to include them in their public profile, either birth dates, homepage URL or usernames for AIM, ICQ, MSN, Skype or Yahoo. However, they do not contain sensitive information such as passwords or credit card details and so we do not believe the security of forum members’ accounts is at risk. Other Nokia accounts are not affected,” the company said in an email to developers.
This is the second issue with a mobile developers’ forum in the last week. Google took down the Android developer complaint forum last week, redirecting all developer questions straight to the company.
Have you been affected by the Nokia developer forum breach? Let us know in the comments.
Thanks to Robert N. for sending this in.