Nokia developer network site hacked – personal information accessed

Graham Cluley
Graham Cluley
@[email protected]

Developers of apps for Nokia phones have been warned that their personal information may have been stolen by hackers, after a security breach on the official discussion forum.

The first warning that many Nokia developers would have had that something was amiss would have been when they visited the forum and instead of the usual chit-chat about technical issues, been taken to a third-party webpage containing an image of Homer Simpson.

Webpage displayed to users visiting the Nokia Developer Network site

The webpage contained a message seemingly from those responsible for the hack:

Sign up to our free newsletter.
Security news, advice, and tips.

Owned by pr0tect0r AKA mrNRG

LOL. Worlds number 1 mobile company but not spending a dime for server security! FFS patch you security holes otherwise you will be just another antisec victim. No Dumping, No Leaking!

According to the Finnish telecoms giant, hackers exploited a SQL injection vulnerability in the forum software used on the Nokia Developers site to access databases containing members’ email addresses and (in some cases) birth dates, and usernames for AIM, ICQ, MSN, Skype or Yahoo.

Passwords and credit card information is not believed to have been exposed – which is a relief for affected members and must be causing a sigh of relief inside Nokia.

Nokia warns developers

While Nokia investigates further it has taken its developer community website offline as a precaution – a sensible move in my opinion.

Of course, the forum’s suspension is of little consolation for those people who were affected by the security breach – they’re now going to wonder if they’re going to be on the receiving end of spam campaigns, malicious email attacks and phishing expeditions.

If you run a website make sure you are doing everything to keep it as secure as possible – for both your company’s sake, and your users. If you haven’t already done so, read this informative paper by SophosLabs, “Securing websites”, which covers some of the issues.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.