14 DAY TRIAL // Nokia has warned members of its developer community that their email addresses and possibly other information have been compromised during a recent security breach.
The intrusion occurred when a hacker calling himself "pr0tect0r" exploited an SQL injection vulnerability on Nokia's discussion forum for developers.
The hacker took the opportunity to deface the community website with a message mocking Nokia's security, but distancing himself from Anonymous' Antisec campaign.
"No Dumping, No Leaking!" the hacker wrote in his message, but according to Nokia, he did access people's information stored in the database.
"During our investigation of the incident we have discovered that a database table containing developer forum members' email addresses has been accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL Injection attack.
"Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger," the company wrote in a message to users.
In addition to email addresses, around 7% of users also had additional information associated with their profiles that included birth date, personal website, as well as IDs on various IM applications.
Sensitive information like credit card details or passwords have not been exposed, which is always good to hear, however, the company failed to warn users about the possibility of receiving fake emails impersonating the company.
The were similar incidents where affected individuals received phishing emails spoofing the companies whose databases were compromised. These usually tried to obtain more sensitive information from users or trick them into installing malware.
"Though the initial vulnerability was addressed immediately, we have now taken the developer community website offline as a precautionary measure, while we conduct further investigations and security assessments," Nokia says.