Apple Developer Site Hacked by Turkish Researcher
Posted by: Timothy Tibbetts on 07/22/2013 09:15 AM
[
Comments
]
Last Thursday Apple unexpectedly shut down access to their developer site with a simple "Scheduled Maintenance" notice. By the weekend, when still no one could access their developer accounts, apps, payment information or statistics, coders began to grumble as to why. Today Apple placed the rumors at rest by adding this new notice on the developer account page.
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.
If your program membership was set to expire during this period, it has been extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us.
Thank you for your patience."
Turkish Security Researcher https://twitter.com/ibrahimbalic] Ibrahim Balic has claimed credit for exposing the security hole in the Apple Developer Accounts that could leak developer data out to the wild.
Want to know how he did it? Here's what Mr. Balic released on YouTube:
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.
If your program membership was set to expire during this period, it has been extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us.
Thank you for your patience."
Turkish Security Researcher https://twitter.com/ibrahimbalic] Ibrahim Balic has claimed credit for exposing the security hole in the Apple Developer Accounts that could leak developer data out to the wild.
Want to know how he did it? Here's what Mr. Balic released on YouTube:
Comments
