Nokia suffered an embarrassing security breach over the weekend when hackers penetrated one of its community websites and accessed names, email addresses, and other information belonging to developers of smartphone apps.
Nokia posted a message that warned developers that their information was exposed after hackers exploited a vulnerability that allowed them to carry out a SQL-injunction attack.
Other Nokia accounts are not affected.”
Nokia admins quickly fixed the bug that made the attack possible, but they soon took the developer community website offline pending a security assessment. Below the image were the words “Worlds number 1 mobile company but not spending a dime for server security!
Nokia has taken its developer community Web site offline while it investigates a hack that potentially compromised the email addresses and other personal info of its users.
The breach, perpetrated via a SQL injection attack, allowed hackers to access a Nokia database table that housed users' email addresses, among other things.
Other Nokia accounts are not affected," Nokia said.
Nokia said the "initial vulnerability was addressed immediately," but as a precautionary measure, the forum will remain offline "while we conduct further investigations and security assessments."
"Nokia apologizes for this incident," the company said.
Graham Cluley, an analyst with security firm Sophos, said in a blog post that taking the site offline was "a sensible move in my opinion."
A message underneath Homer said: "Owned by pr0tect0r AKA mrNRG. LOL. Worlds number 1 mobile company but not spending a dime for server security!
Smartphone maker Nokia, which is on the verge of porting its entire U.S. product line to Microsoft's Windows Phone 7 platform, suffered an embarrassing security breach over the weekend that exposed personal information belonging to members of its development community.
As of Monday morning, forums on developer.nokia.com were offline, replaced with a message from the company about the attack. "Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger," Nokia said on a message posted to the site.
Nokia estimates that the latter category of users represents less than 7% of the total number of members affected.
Discover the 10 critical requirements of cloud applications.
Prior to Nokia's shutting down of the site, visitors to the developer forums were greeted with an image of Homer Simpson shouting, "D'oh!" Users were redirected to a mirror page that bore a message mocking Nokia for weak security. "LOL, world's number 1 mobile company but not spending a dime for server security! Nokia added that it "apologizes for this incident."
The incident comes at a crucial time for Nokia. The Finnish company remains the world's largest manufacturer of mobile phone handsets, but is quickly losing market share to Apple's iPhone and to companies that manufacture smartphones that use Google's Android OS.
Nokia’s developer forums have been hit by a cyberattack, the Finnish company reported Monday.
The company initially believed an attack had compromised a small number of developer records. But, according to a statement on its developer forum site, Nokia’s further investigation has revealed that a “significantly larger” number of people were affected than originally thought.
“LOL. Worlds number 1 mobile company but not spending a dime for server security!” the message read, according to the security firm Sophos. The attacker referenced Anonymous hacking group’s AntiSec movement, which targets major corporations and governments.
No comments:
Post a Comment