Nokia has stepped forward to provide clarity and reassurance to its customers and stakeholders. The telecommunication giant has confirmed that a data breach did indeed occur, but it has swiftly acted to contain the situation and safeguard its own sensitive information.
According to the company’s investigation, the breach was limited to a third-party vendor and did not directly impact Nokia’s internal systems or data. In a statement provided to BleepingComputer, Nokia emphasized that it has “found no evidence of any of our systems or data being impacted” by the incident.
Our investigations point to a 3rd party security incident, related to a single customized software application,” the company explained, further adding that the source code that was leaked belonged to the third-party vendor and not to Nokia itself.
The incident came to light when an infamous data leaker known as IntelBroker posted an advertisement on an underground forum, claiming to have stolen a large collection of Nokia source code, SSH keys, RSA keys, BitBucket logins, SMTP accounts, webhooks, and hardcoded credentials.
According to IntelBroker, the breach occurred through a compromised SonarQube server belonging to the third-party vendor, from which they were able to download sensitive files belonging to multiple companies, including Nokia.
While this revelation may have raised concerns among Nokia’s customers and partners, the company has been quick to address the situation and provide reassurance.
“We have found no evidence that this 3rd party incident would in any way endanger critical Nokia systems or data, including source code, customized software, or encryption keys. Our customers are in no way impacted, including their data and networks,” Nokia stated.
Furthermore, the company emphasized that the leaked source code was for a specific application intended to work on a single network and would not be functional or pose a threat elsewhere.
This data breach incident serves as a stark reminder of the importance of robust cybersecurity measures, not only within a company’s internal infrastructure but also across its extended network of third-party vendors and partners.
Nokia’s proactive response and transparent communication in addressing the situation are commendable, as they work to maintain the trust and confidence of their customers during these challenging times.
As the company continues to closely monitor the situation, it is clear that Nokia remains committed to safeguarding its data and ensuring the integrity of its operations, even in the face of evolving cyber threats.
This incident underscores the need for organizations to continuously assess and strengthen their security protocols, both internally and across their supply chain, to mitigate the risks of data breaches and protect their valuable assets from malicious actors.
Add Comment