Hot topics

    • mobile

    Comment

    Nokia Shuts Down Developer Forum After Hacker Accesses Member Records

    Robin Wauters

    View Staff Page

    Robin Wauters is the European Editor of tech blog The Next Web and lead editor of Virtualization.com. He was a senior staff writer at TechCrunch until his departure in February 2012. Aside from his professional blogging activities, he’s an entrepreneur, event organizer, occasional board adviser and angel investor but most importantly an all-round startup champion. Wauters lives and works in... → Learn More

    Monday, August 29th, 2011
    Comments
    devnokia

    Nokia has temporarily shut down its developer community website as a precaution, after a hacker gained access to a database table containing forum members’ email addresses and other information. The hacker last week exploited a vulnerability in the bulletin board software that allowed an SQL Injection attack that in turn enabled him (or her) to deface the forum website.

    Nokia has now emailed all its developer forum members alerting them to the fact that not only has the website been defaced, but the hacker also gained access to records, which – fortunately for Nokia – did not contain passwords, credit card details or other sensitive information.

    Nevertheless, Nokia says, roughly 7 percent of accessed records did include birth dates, website URLs and/or usernames for services like AIM, ICQ, MSN, Skype or Yahoo.

    SQL injection attacks usually occur when user input in the database layer of an application is not filtered for escape characters and is then passed into an SQL statement, or when a user supplied field is not strongly typed or is not checked for type constraints and thereby unexpectedly executed.

    Nokia says it initially believed only a small number of forum member records had been accessed, but that further investigation has identified that the number is ‘significantly larger’ – Nokia did not disclose exactly how many records were accessed or any other details about the security breach.

    The company also says it has taken down its developer community website offline as a precautionary measure while a Nokia team conducts further investigations and security assessments.

    (Thanks for the heads up, Robert)


    Crunchbase

    Company: Nokia
    Website: nokia.com
    Launch Date: 1865
    IPO: August 7, 1994, NYSE:NOK

    NOKIA is a Finnish multinational communications corporation. It is primarily engaged in the manufacturing of mobile devices and in converging Internet and communications industries. They make a wide range of mobile devices with services and software that enable people to experience music, navigation, video, television, imaging, games, business mobility and more. Nokia is the owner of Symbian operation system and partially owns MeeGo operating system.

    → Learn more
    Tags: ,