Initially, Apple said that the site, which can only be accessed by paying Apple developers, was “down for maintenance”.
As the downtime continued into the weekend, suspicions were raised that something bad had happened, as unplanned downtime due to maintenance is hardly typical of the Cupertino firm’s normally slick operations.
Now, after some days of silence, Apple has admitted that its systems fell victim to hackers.
Part of the message reads:
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.
If the company is concerned that developer information could have been stolen, then clearly there was some type of vulnerability on Apple’s Developer website that allowed the hacker to gain unauthorised access.
According to MacWorld, Apple has confirmed that although developers’ names, addresses and email addresses could have been accessed by the hackers, customer information was not breached and the attackers did not have access to the servers where apps are stored.
It’s obviously disappointing that, “in the spirit of transparency”, Apple didn’t acknowledge the hack earlier – as it could have put users on their guard against possible follow-up attacks against them such as phishing campaigns.
Although it’s easy to feel upset about the tardy way in which Apple has dealt with this security issue publicly, we shouldn’t forget that they are also victims here. An unknown hacker has committed a crime by breaching the company’s systems and accessing the data without permission, and it is to be hoped that Apple is working with the computer crime authorities to bring them to justice.
Since the incident, some users have reported that they have received unauthorized Apple ID password reset emails – although it is unclear whether this is connected to the security breach.
Mac and iOS app developers would be wise to be on their guard about suspicious emails that they receive in the coming days, and – as a precaution that *every* internet user should follow – ensure that every password they use on the internet is unique (no more “same password for different websites”), and hard-to-crack.
Further reading: Was Ibrahim Balic the man who “hacked” Apple’s Developer Center?