Nokia developer network site hacked – personal information accessed

Developers of apps for Nokia phones have been warned that their personal information may have been stolen by hackers, after a security breach on the official discussion forum.

The first warning that many Nokia developers would have had that something was amiss would have been when they visited the forum and instead of the usual chit-chat about technical issues, been taken to a third-party webpage containing an image of Homer Simpson.

Webpage displayed to users visiting the Nokia Developer Network site

The webpage contained a message seemingly from those responsible for the hack:

Owned by pr0tect0r AKA mrNRG

LOL. Worlds number 1 mobile company but not spending a dime for server security! FFS patch you security holes otherwise you will be just another antisec victim. No Dumping, No Leaking!

According to the Finnish telecoms giant, hackers exploited a SQL injection vulnerability in the forum software used on the Nokia Developers site to access databases containing members’ email addresses and (in some cases) birth dates, and usernames for AIM, ICQ, MSN, Skype or Yahoo.

Passwords and credit card information is not believed to have been exposed – which is a relief for affected members and must be causing a sigh of relief inside Nokia.

Nokia warns developers

While Nokia investigates further it has taken its developer community website offline as a precaution – a sensible move in my opinion.

Of course, the forum’s suspension is of little consolation for those people who were affected by the security breach – they’re now going to wonder if they’re going to be on the receiving end of spam campaigns, malicious email attacks and phishing expeditions.

If you run a website make sure you are doing everything to keep it as secure as possible – for both your company’s sake, and your users. If you haven’t already done so, read this informative paper by SophosLabs, “Securing websites”, which covers some of the issues.