Nokia Developer Forums Security Breach Cause Shutdown

Earlier today the Nokia Developer Forums shutdown unexpectedly when it was discovered that a hacker had broken into user records for the form exposing all kinds of data from the members of the forum.

A note on the developer site explains the whole mess:

During our ongoing investigation of the incident we have discovered that a database table containing developer forum members’ email addresses has been accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL Injection attack. Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger.

The database table records includes members’ email addresses and, for fewer than 7% who chose to include them in their public profile, either birth dates, homepage URL or usernames for AIM, ICQ, MSN, Skype or Yahoo. However, they do not contain sensitive information such as passwords or credit card details and so we do not believe the security of forum members’ accounts is at risk. Other Nokia accounts are not affected.

Only about 7% of the members were affected and nothing too sensitive was accessed, like passwords or credit card numbers. If you are a member of another Nokia site, your information has not been compromised.

As a precautionary measure, Nokia has shutdown the forms to conduct a further investigation into the matter and Nokia says that it will be back online as soon as possible.

It is common for hackers to use SQL injection attacks to access data. In recent times we’ve seen many similar websites be attacked this way, including many of Sony’s sites.