Nokia says hackers leaked third-party app source code
Nokia's investigation of recent claims of a data breach found that the source code leaked on a hacker forum belongs to a third party and company and customer data has not been impacted.
The statement comes in response to threat actor IntelBroker earlier this week releasing data belonging to Nokia, allegedly stolen after breaching a third-party vendor's server.
The hacker tried to sell the data, claiming that it includes SSH keys, source code, RSA keys, BitBucket logins, SMTP accounts, webhooks, and hardcoded credentials, but they decided to leak it after Nokia denied the breach.
BleepingComputer contacted Nokia for a comment about the incident and a company spokesperson said that the investigation uncovered a third-party security breach.
"Our investigation has found no evidence of any of our systems or data being impacted. Our investigations point to a 3rd party security incident, related to a single customized software application" - Nokia
IntelBroker previously told BleepingComputer that they breached a third-party vendor via a poorly protected SonarQube server, which allowed the download of files of multiple large companies, Nokia among them.
“We have found no evidence that this 3rd party incident would in any way endanger critical Nokia systems or data, including source code, customized software, or encryption keys. Our customers are in no way impacted, including their data and networks,” the company told BleepingComputer
The leaked source code is for an application not developed by the company, but by a third-party. The app was built to function only in one network, could not function outside it, and does not contain any Nokia code.
Despite having found no risk to its systems or data, the Finnish multinational corporation says that it continues "to closely monitor the situation."
source: BleepingComputer
Free security scan for your website
Top News:
Massive PSAUX ransomware attack targets 22,000 CyberPanel instances
October 30, 2024Microsoft SharePoint RCE bug exploited to breach corporate network
November 2, 2024