Nokia's developer network has been compromised, with members' personal information falling into attackers' hands.
Mobile giant Nokia has acknowledged
a database used by its online developer community had been hacked,
with a significant number of developer forum members’ personal
information potentially falling into attackers’ hands. The attack used
SQL injection—basically, embedding SQL commands in a form field or
another entry point that get executed inappropriately by the database.
According to Nokia, personal information like birthdates, email
addresses, URLs, and instant messaging handles may have been
compromised. However, the company says no passwords or credit card
details were compromised, and no other Nokia accounts members may have
outside the developer forums would have been effected.
Nokia has taken its developer community offline as a "precautionary
measure,” and says it doesn’t know of any misuse of the compromised
data—although use of the email addresses by spammers is a likely
outcome. According to Nokia, less than seven percent of its developer
forum members chose to include information other than their email
address in their profiles.
Nokia’s online developer forums are just the latest in a string of
online communities to have been compromised by attacks in recent months.
The most infamous example to date is Sony’s PlayStation Network, which
was offline for six weeks after the accounts of some 77 million members
were compromised: the incident cost Sony some $170 million
andn an incalculable amount of customer trust and goodwill. Other
targets have included game networks like Eve Online, government agencies
like the FBI and the UK’s Serious Organized Crime Agency, as well as
media outlets like Fox.