Nokia’s developer forum has been taken offline after a breach from hacker who obtained database tables with user account information, Nokia said in a statement.
During the investigation, Nokia discovered that a database table containing developer forum members' e-mail addresses has been accessed, by exploiting vulnerability in the bulletin board software that allowed an SQL Injection attack, the company said in the statement.
During the initial investigation, Nokia believed that only a small number of these records had been accessed, but further investigation found the number was significantly larger.
The breach records includes members’ e-mail addresses and public profile information, birth dates, homepage URL or usernames for AIM, ICQ, MSN, Skype or Yahoo but passwords or password hashes are not hacked.
Only 7 percent of the forum users chose to provide profile information, Nokia said.
Nokia believes the security of forum members’ accounts is not at risk because the breached database does not contain sensitive information such as passwords or credit card details.
According to Nokia the only threat to individual users is unsolicited e-mail.
“We are not aware of any misuse of the accessed data, but we are communicating with affected forum members, though we believe the only potential impact to them may be unsolicited email,” Nokia said.
The initial vulnerability was addressed immediately. Nokia as a precautionary measure has taken the developer community Web site offline.
Malicious hackers also defaced Nokia’s developer community Web site and changed the display picture to a cartoon character Homer Simpson.
They also sent a message which said that the site was Owned by pr0tect0r AKA mrNRG,” Ars Technica reported.
The individual or group hackers identify themselves as pr0tect0r. The group is also connected with a recent attack against Defense.pk, an independent news and forum Web site that discusses Pakistan's military, Ars Technica reported.
Nokia’s hack is the second problem with a developers' forum in the last week. Google last week took down the Android developer complaint forum, which redirected all developer questions straight to the company.