Apple developer site hacked, security researcher claims responsibility

Tools

Apple (NASDAQ:AAPL) has shut down its developer portal following a security breach, and has not ruled out the possibility that developer profile data like names, mailing addresses and email addresses may have been compromised.

"We'll be back soon," Apple promises on its developer website.

The Apple site--which offers development kits, forums and other resources related to the company's iOS and Mac OS platforms--has been offline since Thursday. Apple initially posted a notice stating the site was down to address maintenance issues, but on Sunday sent registered developers an email acknowledging the attack.

"Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers' names, mailing addresses, and/or email addresses may have been accessed," the email states. "In order to prevent a security threat like this from happening again, we're completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."

Apple spokesperson Tom Neumayr told AllThingsD he could not go into additional detail about the vulnerabilities of the developer site or the company's plans to improve security, but said the attack did not compromise customer data. "The website that was breached is not associated with any customer information," Neumayr said. "Additionally, customer information is securely encrypted."

Turkish security researcher Ibrahim Balic has claimed responsibility for the attack, telling The Guardian that his goal was to demonstrate that the Apple site was leaking user information. Balic also posted a YouTube video that appears to depict the site's vulnerabilities. "My intention was not attacking," Balic explained. "In total I found 13 bugs and reported [them] directly one by one to Apple straight away. Just after my reporting [the] dev center got closed. I have not heard anything from them, and they announced that they got attacked. My aim was to report bugs and collect the datas [sic] for the purpose of seeing how deep I can go with it."

For more:
- see this Apple page
- read this AllThingsD article
- read this Guardian article

Related articles:
Apple's iOS 7 beta 3 brings fixes for Messages, iCloud bugs
Apple rolls out iOS 7 beta 2, adds iPad support
Report: Apple's iOS 7 redesign still in flux, major revisions likely before release
Apple CEO Cook: New iOS 7 is the 'biggest change to iOS since the iPhone'
Rumor Mill: Apple's revamped iOS 7 bringing unified black-and-white UI design

Filed Under

Comments