Nokia is investigating claims that its source code may have been stolen after a hacker, known as IntelBroker, alleged they obtained the data by breaching a third-party vendor’s server.
In a statement to BleepingComputer, Nokia acknowledged reports that unauthorized access to data belonging to a contractor — and potentially Nokia itself — may have occurred, but emphasized that no direct evidence has yet been found of its own systems being compromised.
The hacker, IntelBroker, claims the stolen data includes sensitive information such as SSH keys, source code, RSA keys, BitBucket logins, and hardcoded credentials. Reportedly, access to the vendor’s SonarQube server was achieved through default credentials, allowing downloads of customer projects, including those from Nokia.
IntelBroker is known for previous breaches affecting prominent organizations like DC Health Link, Hewlett Packard Enterprise, and T-Mobile. Nokia’s ongoing investigation reflects growing concerns about supply chain security, as third-party vulnerabilities continue to impact major companies across industries.
