Nokia shuts down developer site after members' data was compromised

Nokia said in an emailed statement that its developer site would be taken offline until “further investigations and security assessments were complete”, according to a report by the Wall Street Journal.

The company said that members’ personal information, including email addresses and dates of birth, was compromised.

“After further detailed investigations, we identified security flaws on the forums discussion website, which enabled a database table containing developer forum members’ records to be accessed. The records include members’ email addresses and, for fewer than 7% who chose to include them in their public profile, either birth dates, homepage URL or usernames for AIM, ICQ, MSN, Skype or Yahoo”, Nokia said in the statement as reported by the newspaper.

Sensitive information, such as passwords and credit card numbers, was not compromised, according to Nokia. “Though we have no evidence of any misuse, we believe the potential risk is an increase in unsolicited email”, the company added.

A hacker by the name of “pr0tect0r AKA mrNRG” claimed responsibility for the attack.

Nokia said that the hacker exploited a flaw in the bulletin board software it was using for the forum using an SQL injection attack, according to a report by Slash Gear.

What’s Hot on Infosecurity Magazine?