A hacker accessed personal details of Nokia developers in an attack on the Nokia Developer site last week, the phone manufacturer has admitted.
The intrusion resulted in the apparent attacker, pr0tect0r AKA mrNRG, redirecting visitors to the Nokia Developer Community forum to a page berating Nokia for its server security. Yesterday, Nokia told forum members that it had originally believed "only a small number" of their records had been accessed, but it had since revised that analysis.
"Further investigation has identified that the number is significantly larger," Nokia said in an e-mail sent to developers, apologizing and explaining that a SQL injection attack had exploited a vulnerability in the bulletin board software. The same statement was also put on a page that is still, at the time of writing, standing in for the Nokia Developer Community site. The company said it had addressed the initial vulnerability, but has taken the developer community Web site offline as a "precautionary measure, while we conduct further investigations and security assessments."
Read more of "Nokia admits developer details leaked in hack" at ZDNet UK.