Nokia falls foul of security hack
By David Howells
30/08/2011
Nokia users are fearing the worst after it emerged that a network of their personal details was hacked.
The Nokia Developer Forum contained the names, dates of birth and email addresses of many thousands of Nokia users, all of which could potentially have been accessed during the hack.
The forum has been shut down whilst experts investigate and assess the damage caused by the breach.
This new hack is the latest in a long line of high-profile security breaches which, despite the arrests of those thought to be high up in the rankings of "hacktivist" groups Anonymous and Lulzsec, keep occurring. As yet, neither Anonymous nor Lulzsec has claimed responsibility for the Nokia hack.
These breaches have prompted many businesses to assess their own security measures and consider using network management software to better protect themselves.
Explaining how the users managed to gain entry, a Nokia spokesperson told BBC News: "A database table containing developer forum members' email addresses has been accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL Injection attack."
An SQL Injection involves accessing a log-on screen then "injecting" the site with long strings of code the website is not used to coping with. If done correctly, the security will fail.
Concluding, the Nokia spokesperson told informationweek.com: "Initially we believed that only a small number of records had been accessed, but further investigation has identified that the number is significantly larger."
