The community discussion part of Nokia's developers' forum web site has been hacked, and members' email addresses accessed, according to the mobile phone manufacturer.
The discussion part of the web site has been taken down and replaced by a message from Nokia explaining what happened and apologising to its members.
"During our ongoing investigation of the incident we have discovered that a database table containing developer forum members' email addresses has been accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL injection attack."
The firm added that there are more compromised addresses than it originally realised.
"Initially we thought that only a small number of these forum member records had been accessed, but further investigation has shown that the number is significantly larger."
Besides email addresses, dates of birth and homepage URLs, alternative contact information related to Skype, AIM, MSN and Yahoo has also been accessed.
Since no financial information was stored by the site, Nokia believes that nothing more dangerous than unsolicited emails will result from the hack.
SQL injection, the method of attack used, involves entering SQL code into a webform so that the database behind the web site runs it and returns restricted information. A properly coded webform treats what is entered as data and will not allow it to execute as code, but the Nokia site, like many others, seems not to have been coded well.
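The difference between a poorly coded and a properly coded form handler, as an added example that is not from the article or from Nokia's forum software. The table layout, function names and sample input are constructed assumptions.

```python
import sqlite3

# Constructed sample data: a hypothetical forum schema, not Nokia's.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (username TEXT, email TEXT, public INTEGER)")
    db.executemany(
        "INSERT INTO members VALUES (?, ?, ?)",
        [("alice", "alice@example.test", 1),
         ("bob", "bob@example.test", 0),
         ("carol", "carol@example.test", 0)],
    )
    return db

def lookup_vulnerable(db, username):
    # Form input is pasted into the SQL text, so quote characters in it
    # change the structure of the query itself.
    sql = ("SELECT username, email FROM members "
           "WHERE public = 1 AND username = '" + username + "'")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, username):
    # The placeholder keeps the input as a value; the query structure is fixed.
    sql = "SELECT username, email FROM members WHERE public = 1 AND username = ?"
    return db.execute(sql, (username,)).fetchall()

# Constructed hostile form input of the kind the article describes.
HOSTILE = "x' OR '1'='1"

def demo():
    db = make_db()
    return {
        "vulnerable_normal": lookup_vulnerable(db, "alice"),
        "vulnerable_hostile": lookup_vulnerable(db, HOSTILE),
        "parameterized_normal": lookup_parameterized(db, "alice"),
        "parameterized_hostile": lookup_parameterized(db, HOSTILE),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the concatenated query the hostile input returns every member's email, including the non-public records; with the placeholder it is compared as a literal username and matches nothing.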
Vincent Delaroche, chairman and chief executive of software analysis and measurement firm Cast, explained that webforms are often poorly coded owing to a lack of management focus.
"Look at large companies in banking, retail or telecoms. Management doesn't ask the coders to code well because on the whole, management doesn't care."
David Norton, research director at analyst firm Gartner, said this is only one side of the story, and that time and training play their part as much as management not being interested in coding.
"The issue with software development is that coders do not have the time, or the skills, to spot vulnerabilities or errors."