Mobile giant Nokia has acknowledged a database used by its online developer community had been hacked, with a significant number of developer forum members’ personal information potentially falling into attackers’ hands. The attack used SQL injection—basically, embedding SQL commands in a form field or another entry point that get executed inappropriately by the database. According to Nokia, personal information like birthdates, email addresses, URLs, and instant messaging handles may have been compromised. However, the company says no passwords or credit card details were compromised, and no other Nokia accounts members may have outside the developer forums would have been effected.
Nokia has taken its developer community offline as a “precautionary measure,” and says it doesn’t know of any misuse of the compromised data—although use of the email addresses by spammers is a likely outcome. According to Nokia, less than seven percent of its developer forum members chose to include information other than their email address in their profiles.
Nokia’s online developer forums are just the latest in a string of online communities to have been compromised by attacks in recent months. The most infamous example to date is Sony’s PlayStation Network, which was offline for six weeks after the accounts of some 77 million members were compromised: the incident cost Sony some $170 million andn an incalculable amount of customer trust and goodwill. Other targets have included game networks like Eve Online, government agencies like the FBI and the UK’s Serious Organized Crime Agency, as well as media outlets like Fox.