Nokia Forum Attacked by Hackers
Nokia announced yesterday that the security of its developer forum website was compromised by an attacker operating under the #AntiSec banner.
The attacker, who exploited an SQL injection vulnerability in the site's forum software, managed to obtain a database table with user account information. The attacker had compromised more data than Nokia had initially believed, but the information was not particularly sensitive and consisted of e-mail addresses and public profile information.
According to Nokia, only 7 percent of the forum's users had provided public profile information, which included things like instant messenger usernames and dates of birth. As such, the company does not believe that users' accounts are at risk.
The announcement page on Nokia's developer forum, linked below
As embarrassing as the situation is for Nokia, the company should be thankful that it was only a developer forum that was attacked, as opposed to the company's Ovi Store, which keeps credit card information on file, or something worse.
The attacker, who exploited an SQL injection vulnerability in the site's forum software, managed to obtain a database table with user account information. The attacker had compromised more data than Nokia had initially believed, but the information was not particularly sensitive and consisted of e-mail addresses and public profile information.
According to Nokia, only 7 percent of the forum's users had provided public profile information, which included things like instant messenger usernames and dates of birth. As such, the company does not believe that users' accounts are at risk.
The announcement page on Nokia's developer forum, linked below
The developer community site was also defaced, with a picture of Homer Simpson and the text "Owned by pr0tect0r AKA mrNRG." There was an included text marquee chastising Nokia for its lax security measures, and threatening that the site could be a future target if security doesn't improve. The message also stated that there would be no "dumping" of data, most likely meaning that the stolen information would not be published, as it has in previous attacks.
As embarrassing as the situation is for Nokia, the company should be thankful that it was only a developer forum that was attacked, as opposed to the company's Ovi Store, which keeps credit card information on file, or something worse.
