Apple Developer site goes down and some users are fearing a hack

As Mac Rumours reports, Apple’s Developer Center (developer.apple.com) went unexpectedly offline for a few hours earlier tonight.

That’s obviously a nuisance for any coder, but what really put the cat amongst the pigeons were tweets by some developers that prior to the downtime, their developer account profiles had been updated without their permission, pointing to an address in Russia.

All my teams on Developer Member Center at @apple are registered in Russia. Nice. pic.twitter.com/kyYyRyLTR7

Sign up to our free newsletter.
Security news, advice, and tips.

— Dal Rupnik (@TheLegoless) September 6, 2017

It looks like @Apple Developer accounts got hack! All the profiles lists this Russian address under membership, Check your profiles pic.twitter.com/4OxhpakgPy

— Kais Karim (@Kaiusee) September 6, 2017

Is this a malicious hack or some more down-to-earth internal goof that has caused some Apple developers to see the wrong contact information on their profile?

Probably only Apple can answer that question with certainty, but it’s important to note that even if some accounts were compromised to have a postal address of “Saint Petesburg” (sic), that’s a different scale of threat from there being an inherent vulnerability in the Apple Developer portal that could be exploited on a grand scale.

I think everyone should be careful about leaping to the conclusion that a site has been hacked, because – without the right evidence – it can lead to panic and poor decisions being made. It’s all too easy with social media to throw a snowball and for it to grow into an avalanche.

Hopefully Apple will be able to shed more light on what happened (and what didn’t happen) in the coming hours.

What they won’t want is the kind of kerfuffle we saw four years ago when a Turkish security researcher claimed to have found a flaw in the Apple Developer Centre site that allowed him to retrieve information on more than 100,000 users.

At least this latest problem has come to light now, rather than next week when Apple will take to the stage in California to announce an array of new products, including the iPhone 8. Imagine how much more of a nuisance that would have been.

Update: Apple has blamed the incident on a software bug.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.