Security Researcher Claims Responsibility for DevCentre Security Breach

Last Thursday, the Apple Developer Center website was shut down. While developers are used to occasionally being unable to access it, this time it stayed shut for 3 days before any information was given. On Sunday, Apple sent an official email (image below) to all registered developers explaining that a hacking attempt had been made on the Developer Center, which had forced them to shut it down. As of this moment, the site remains closed while the Cupertino company works around the clock to overhaul it. Databases are being rewritten and security is being tightened to prevent a future attempt.

[Image: AppDevCenter-hacked]

Apple reassures us that no customer details were accessed; however, it cannot be certain that the names and addresses of some developers weren’t.

It seems that someone has stepped up to the plate to take responsibility for the breach. His name is Ibrahim Balic, a security researcher based in the UK. He says he told Apple that there were issues with the security of the Developer Center and then promptly brought the website to its knees.

[Image: Ibrahim Balic]

He says:

“In total I have found 13 bugs and have reported through http://bugreport.apple.com. The bugs are all reported one by one and Apple was informed. I gave details to Apple as much as I can and I’ve also added screenshots.

“One of those bugs has provided me access to users’ details etc. I immediately reported this to Apple. I have taken 73 users’ details (all Apple Inc workers only) and prove them as an example. 4 hours later from my final report Apple developer portal was closed down and you know it still is.”

He claimed that he managed to access the details for more than 100,00 developer accounts before the breach was discovered but says it was purely for research, not malicious intent.

“I have emailed and asked if I am putting them in any difficulty so that I can give a break to my research. I have not gotten any response to this… I have been waiting since then for them to contact me, and today I’m reading news saying that they have been attacked and hacked. In some of the media news I watch/read that whether legal authorities were involved in its investigation of the hack. I’m not feeling very happy with what I read and a bit irritated, as I did not do this research to harm or damage. I didn’t attempt to publish or have not shared this situation with anybody else.”

More information about the security breach has come from Apple. They confirmed that only developer accounts were affected and that the exposed data was limited to names and addresses; no credit or debit card details were touched. They also said that they waited before informing developers so that they could find out exactly what data had been accessed. At this moment in time they cannot say when the Developer Center will reopen, and there is no news on when iOS 7 Beta 4 will now be released.


