2 min Security

Nokia: ‘Hackers did not obtain critical data’

Nokia: ‘Hackers did not obtain critical data’

Update 8/11: Nokia ends the first days of the investigation with positive news. According to the company, there is no evidence that hackers were able to steal critical data from the company.

According to Nokia, the source code, corporate software, and encryption keys all remained out of the hands of hackers. There is also no indication that the hackers were able to breach the company’s systems. “Our investigation indicates that there has been a third-party security incident related to a single customized software application,” the company told BleepingComputer.

Original 5/11: Hackers allegedly broke into Nokia. The possibility arose because of vulnerabilities at a third-party company. SSH keys, source code, and credentials were allegedly stolen.

The hack is coming to light now that the hacker group Intel Broker offers stolen data on BreachForums. The group claims the data belongs to Nokia and is selling everything for $20,000.

It is too early to tell whether the offered data belongs to Nokia. The company is currently engaged in an investigation into the events. “Nokia is taking these reports seriously, and we are investigating. To date, our investigation has found no evidence of breaches in any of our systems or data. We continue to monitor the situation closely,” the company reports to BleepingComputer.

No customer data

It is not claimed the stolen data would include customer data. According to the description, the following data is being sold: SSH keys, source code, RSA keys, Bitbucket logins, SMTP accounts, webhooks, and hardcoded credentials.

For Nokia, it is important to thoroughly investigate the potential breach to prevent future problems. After all, the hackers claim to have stolen very critical and sensitive information that could enable future breaches or other cyberattacks.

Breach through third party

The breach was allegedly caused by a third party. The tech news media outlet describes a conversation with the attacker in which it states that access was gained through a SonarQube server that was secured with the default password provided.

Tip! Months of logging in without a password at Okta