A hack drove Nokia to taking down its own developer forum while investigating the casualties during the assault. They are currently analyzing the scope of the intrusion and how much sensitive user information had been compromised and stolen by the hackers.
“Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger,” says Nokia on its developer Web site.
Thankfully, it’s only a small number of member records, less than 7 percent. However, these records include birth dates, homepage URLs, and usernames for AIM, ICQ, MSN, Skype, or Yahoo in their public profiles. Nokia didn’t report any data misuse but it has been sending email to its users.
“However, they do not contain sensitive information such as passwords or credit card details and so we do not believe the security of forum members’ accounts is at risk. Other Nokia accounts are not affected,” Nokia said.
Following the hack, Nokia developers were greeted by an image of Homer Simpson with a speech bubble, “D’oh!” along with a message from the hackers saying:
“Owned by pr0tect0r AKA mrNRG. LOL. Worlds number 1 mobile company but not spending a dime for server security! FFS patch you security holes otherwise you will be just another antisec victim. No Dumping, No Leaking!”
Though seemingly unaffected since the “initial vulnerability was addressed immediately,” Nokia still took down its developer community forum as a safety measure. It will remain offline while they “conduct further investigations and security assessments.” The mobile company has yet to announce any official date of it’s availability, but they pledged on posting updates as often as possible.
According to Sophos analyst Graham Cluley, Nokia taking the site offline was a “sensible move.”
This is not the first time a similar hack happened. Two months ago, Lulz Security dumped 62,000 log ins, 12,000 of which from WriterSpace.com users. Back in June, they’ve also held Bethesda Softwork’s 200,000+ Brink users for weeks, following their attack to one of the video game developer’s site two months prior that. Sensitive configuration files are taken by the group as well from the US Senate website. Though it doesn’t involve anything too risky for the US government, it contains configuration files that run the servers.
The dangers of hacking are real. In fairness to LulzSec, their argument does make sense. It’s about time enterprises and government agencies re-examine their website security.
Nokia’s hack follows a dramatic decline of the company’s grip on the mobile market ever since the entry of Apple and Android in the mobile scene. The company’s damage control solution is to partner with Microsoft to release low-end phones running WP7. Still, Nokia has already taken a plunge from €1 billion in cash last year to €176 million this year. Their market is also receding in China which is known to be one the former top mobile company’s tight grips. It still holds about 20-30 percent of the market but it seems like whatever’s lost is lost for good to competitors Apple and Android. Even Nokia CEO Stephen Elop himself reveals the harsh realities to its employees. There’s no hiding the company’s status especially when the hazard is hitting the roof.