FINNISH PHONE MAKER Nokia has suspended its developer forum after discovering that a recent attack had compromised users' personal details.
Nokia said in a statement that its developer forum at developer.nokia.com/community will be suspended until "further investigations and security assessments were complete". It admitted that users' data including email addresses and dates of birth for those who posted them on their profiles had been compromised.
Information such as passwords and credit card details are safe, and Nokia thinks the biggest risk from the breach is an increase in unsolicited email.
Nokia said, "After further detailed investigations, we identified security flaws on the developer.nokia.com/community forums discussion website, which enabled a database table containing developer forum members' records to be accessed.
"The records include members' email addresses and, for fewer than 7 [per cent] who chose to include them in their public profile, either birth dates, homepage URL or usernames for AIM, ICQ, MSN, Skype or Yahoo.
"However, they do not contain sensitive information such as passwords or credit card details and so we do not believe the security of forum members' accounts is at risk. Though we have no evidence of any misuse, we believe the potential risk is an increase in unsolicited email."
Nokia at first thought the original attack on 22 August was not a big concern. Indian Hacker pr0tect0r AKA mrNRG wrote on Nokia's web site, "LOL, Worlds number 1 mobile company but not spending a dime for a server security! FFS patch your security holes otherwise you will be just another antisec victim. No Dumping, No Leaking!!"
It seems things potentially could be worse than Nokia thought. µ