close
close

Nokia says hackers have leaked the source code of a third-party app

Nokia's investigation into recent data breach claims found that the source code leaked on a hacker forum belonged to a third party and that company and customer data were not compromised.

The statement comes in response to threat actor IntelBroker releasing data from Nokia earlier this week that was allegedly stolen following an attack on a third-party server.

The hacker attempted to sell the data, claiming that it contained SSH keys, source code, RSA keys, BitBucket logins, SMTP accounts, webhooks, and hardcoded credentials. However, after Nokia denied the breach, it decided to share the data.

Data leak post by IntelBroker on BreachForums
Data leak post by IntelBroker on BreachForums
Source: BleepingComputer

BleepingComputer contacted Nokia for comment on the incident, and a company spokesperson said the investigation uncovered a third-party security breach.

“Our investigation has found no evidence that any of our systems or data were compromised. Our investigations indicate a third-party security incident associated with a single custom software application” – Nokia

IntelBroker previously told BleepingComputer that a third-party server was hacked through a poorly protected SonarQube server that allowed files from several major companies, including Nokia, to be downloaded.

“We have found no evidence that this third-party incident in any way compromised critical Nokia systems or data, including source code, customized software or encryption keys. Our customers are not affected in any way, including their data and networks,” the company told BleepingComputer

The leaked source code refers to an application that was not developed by the company but by a third party. The app was designed to work only on one network, could not work outside that network and does not contain Nokia code.

Although no risk to its systems or data has been identified, the Finnish multinational says it is “continuing to closely monitor the situation.”