It says that a vulnerability in the bulletin board software allowed an SQL Injection attack to be carried out last week, giving hackers access to a database table containing developer forum members’ email addresses.
“Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger,” says the developer website team.
The database table records include members’ email addresses and, for some, either birth dates, homepage URL or usernames for AIM, ICQ, MSN, Skype or Yahoo. However, says Nokia, this applies to fewer than seven percent of members, who chose to include them in their public profile.
“However, they do not contain sensitive information such as passwords or credit card details, and so we do not believe the security of forum members’ accounts is at risk. Other Nokia accounts are not affected,” says the team.
Nokia says it’s not aware of any misuse of the accessed data, and says it reckons the only effect will be spam email. It’s closed the website down while it carries out further investigations.
The attack has been claimed by pr0tect0r AKA mrNRG, believed to be based in India. It redirected users to a third-party web page with a picture of Homer Simpson.
“Owned by pr0tect0r AKA mrNRG. LOL, Worlds number 1 mobile company but not spending a dime for a server security! FFS patch your security holes otherwise you will be just another antisec victim. No Dumping, No Leaking!!,” read a statement on the page.