In the early hours of this morning I got an email from the Nokia Developer Forum.
The email tells me that the forum has been compromised and my email address has been accessed. The hacker/s used an SQL injection to gain access to database table records that contain registered members email addresses and for 7% of those members who chose to include other information in their public profile like Date of birth, MSN screen names etc, the hackers also got access to that too. Nokia continue to say that no sensitive information such as passwords and credit card details were in these tables so they do not consider these accounts or other Nokia accounts to be “at risk”.
Even though Nokia say they corrected the vulnerability immediately they have still taken down the forum as a precautionary measure while they conduct further investigations and security assessments.