Mobile phone maker Nokia (News - Alert) was forced to take its developer forum offline on Monday after it acknowledged that the website had been hacked.
The Finnish company said that hackers had breached the site via an SQL injection attack that compromised a “significant” number of forum member records. The breached database included email addresses and – for the 7 percent of members who included them into their profile – homepage URLs, birthdates and usernames for AIM, ICQ, MSN, Skype (News - Alert) or Yahoo.
“However, they do not contain sensitive information such as passwords or credit card details and so we do not believe the security of forum members' accounts is at risk. Other Nokia accounts are not affected,” Nokia noted on its community discussion board.
The world's largest mobile phone maker said that the attack was initiated through a “vulnerability” in the forum's software.
Nokia said that it addressed the vulnerability immediately following the investigation and has yet to identify any misuse of the breached data. Still, the company took the website offline as a precautionary measure and is contacting affected members via email in regards to the breach.
The website team speculated that the only potential impact to developers is an unsolicited email.
Graham Cluley, an analyst with security firm Sophos, said in a blog post that members who had visited the forum before it was taken down were transferred to a third party site containing a picture of Homer Simpson uttering his famous catchphrase, “Doh!”
The caption of the photo read: “LOL. World's number 1 mobile company but not spending a dime for server security! FFS patch you security holes otherwise you will be just another antisec victim. No Dumping, No Leaking!”
The style of attack is in line with many other recent breaches of technology companies with seemingly inadequate IT security. Sony was the target of multiple attacks that were motivated by the urge to shine light on the company's poorly constructed websites.
SonyPictures.com was also breached using a simple SQL injection attack, which the hackers called “one of the most primitive and common vulnerabilities.”
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO West 2011, taking place Sept. 13-15, 2011, in Austin, Texas. ITEXPO (News - Alert) offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. To register, click here.
Beecher Tuttle is a TMCnet contributor. He has extensive experience writing and editing for print publications and online news websites. He has specialized in a variety of industries, including health care technology, politics and education. To read more of his articles, please visit his columnist page.
Edited by Jennifer Russell