November 7, 2024 at 01:28PM
Nokia’s investigation into a data breach found that leaked source code originates from a third-party vendor, with no company or customer data affected. The breach occurred via a poorly secured server, and Nokia assures that their systems remain safe while they continue monitoring the situation.
### Meeting Takeaways:
1. **Data Breach Investigation**: Nokia has confirmed that the recently leaked source code belongs to a third-party vendor and not to Nokia directly. There was no impact on company or customer data.
2. **Source of Data Leak**: The data was allegedly obtained by threat actor IntelBroker, who breached a third-party vendor’s server. This incident involved a poorly protected SonarQube server.
3. **Nature of Leaked Data**: The leaked data included SSH keys, source code, RSA keys, BitBucket logins, SMTP accounts, webhooks, and hardcoded credentials. However, Nokia emphasizes that the source code belongs to a third-party application that was not developed by them.
4. **Impact Assessment**: Nokia’s investigation indicates that their own systems remain secure. There is no evidence that critical systems, software, or data have been jeopardized due to the incident.
5. **Ongoing Monitoring**: Nokia is actively monitoring the situation despite the lack of evidence indicating risks to their systems or data.
6. **Customer Assurance**: Nokia reassured that their customers and their data, including networks, are not affected by this third-party security incident.