The community section of Nokia’s developer site was hacked, and some member’s e-mail addresses have been accessed, the mobile phone maker said.
The part of the site has been taken down, and instead delivers a statement from the company about the hack.
Nokia said that during its ongoing investigation of the incident, it discovered that a database table containing e-mail addresses of developer forum members was accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL injection attack.
“Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger,” the statement said.
Nokia did not specify when the site was hacked, though it is likely to have happened last week, according to some reports.
The database table records includes members’ e-mail addresses and, for fewer than 7 percent who chose to include them in their public profile, either birth dates, homepage URL (uniform resource locator) or usernames for AIM, ICQ, MSN, Skype or Yahoo services. Sensitive information such as passwords and credit cards details were not compromised, and the potential fallout of the hack is likely to be limited to unsolicited mail, Nokia said.
After addressing the initial vulnerability, Nokia said it took the developer community website offline as a precautionary measure, while it conducts further investigations and security assessments. The developer community section was still down on Tuesday.
Soon after the hack, visitors to the community pages were taken to a third-party web page containing an image of Homer Simpson, the character from the TV series The Simpsons, and a message, warning the company to patch its security holes, according to reports.
The hack of Nokia’s developer site is the latest in a series of hacks of corporate and government web sites. An April hack on Sony’s PlayStation Network and Qriocity online services forced Sony to close both networks while it rebuilt cyber defense systems. In all, it took two and a half months for the full resumption of service.
John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John’s e-mail address is firstname.lastname@example.org