Nokia's developer online community has been hacked into and defaced.
In a statement on the Nokia community pages, which have since been closed amid the hack, the phone giant warns that members' personal information, including dates of birth and email addresses, may have been stolen.
The statement details how database tables containing the personal information were accessed by exploiting a vulnerability in the bulletin board software, through means of "an SQL injection attack".
While Nokia believed that only a small number of records had been accessed, further evidence shows that the number is "significantly larger".
"The database table records includes members’ email addresses and, for fewer than 7% who chose to include them in their public profile, either birth dates, homepage URL or usernames for AIM, ICQ, MSN, Skype or Yahoo.
However, they do not contain sensitive information such as passwords or credit card details and so we do not believe the security of forum members’ accounts is at risk. Other Nokia accounts are not affected."
The site was also defaced by a hacker calling himself "pr0tect0r" AKA mrNRG", redirecting the site to a page with a message calling on Nokia to "patch your security holes otherwise you will be just another antisec [sic] victim".
The message suggests that the hack was a pre-warning message to a wider campaign under the AntiSec (anti-security) movement, but does not rule out that AntiSec hackers were not involved.
Nokia is the latest victim in a long line of attacks by hackers this year.
LulzSec, which disbanded after fifty days of hacking and releasing sensitive data, started the AntiSec movement with hacktivist collective Anonymous, in a bid to expose lax online security of websites and databases.
Earlier this year, the Sony PlayStation Network was taken offline for six weeks, after hackers compromised 77 million total users. Credit card details and other personal information was stolen and published online.
- Operation Anti-Security: LulzSec and Anonymous target banks and governments
- AntiSec hackers release 'largest cache yet' of law enforcement data
- LulzSec 'spokesperson' arrested by Scotland Yard
- LulzSec, Anonymous and hacktivism: Crappy security has caught up with us
- Military Meltdown Monday: 90,000 military email profiles released by AntiSec