Developer forum brought down by hackers who exploited a bulletin board software. Finnish phonemaker Nokia has shut down an online forum for developers after hackers brought it down over the weekend. The company has suspended its developers fourms and replaced with a company statement warning developers that the "signifcantly large" hack attack could have compromised personal details of the registered deveopers including dates of birth and email addresses.
The company also said that it has intiated a probe on the attack. In a message, the Nokia Developer website team said: "You may have seen reports or received an email from us regarding a recent security breach on this developer.nokia.com/community discussion forum." The company said that hackers exploited a vulnerability in the bulletin board software.
"During our ongoing investigation of the incident we have discovered that a database table containing developer forum members' email addresses has been accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL Injection attack. Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger," said the company.
Nokia has apologised to users and added that sensitive details such as credit card details and passwords are safe. It said, "The database table records includes members' email addresses and, for fewer than 7% who chose to include them in their public profile, either birth dates, homepage URL or usernames for AIM, ICQ, MSN, Skype or Yahoo. However, they do not contain sensitive information such as passwords or credit card details and so we do not believe the security of forum members' accounts is at risk. Other Nokia accounts are not affected."
"We are not aware of any misuse of the accessed data, but we are communicating with affected forum members, though we believe the only potential impact to them may be unsolicited email. Nokia apologizes for this incident. "Though the initial vulnerability was addressed immediately, we have now taken the developer community website offline as a precautionary measure, while we conduct further investigations and security assessments. We hope to get the site back online as soon as possible and will post developments here in the meantime," said Nokia. So far no hacker group has claimed responsibility for the attack.
The company also said that it has intiated a probe on the attack. In a message, the Nokia Developer website team said: "You may have seen reports or received an email from us regarding a recent security breach on this developer.nokia.com/community discussion forum." The company said that hackers exploited a vulnerability in the bulletin board software.
"During our ongoing investigation of the incident we have discovered that a database table containing developer forum members' email addresses has been accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL Injection attack. Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger," said the company.
Nokia has apologised to users and added that sensitive details such as credit card details and passwords are safe. It said, "The database table records includes members' email addresses and, for fewer than 7% who chose to include them in their public profile, either birth dates, homepage URL or usernames for AIM, ICQ, MSN, Skype or Yahoo. However, they do not contain sensitive information such as passwords or credit card details and so we do not believe the security of forum members' accounts is at risk. Other Nokia accounts are not affected."
"We are not aware of any misuse of the accessed data, but we are communicating with affected forum members, though we believe the only potential impact to them may be unsolicited email. Nokia apologizes for this incident. "Though the initial vulnerability was addressed immediately, we have now taken the developer community website offline as a precautionary measure, while we conduct further investigations and security assessments. We hope to get the site back online as soon as possible and will post developments here in the meantime," said Nokia. So far no hacker group has claimed responsibility for the attack.