Apple reveals they took down Developer Center due to intrusion, completely overhauling system

Apple reveals they took down developer portal due to intrusion, completely overhauling system

Apple has sent an email out to developers addressing the reason behind the ongoing multi-day outage of their developer portal, confirming suspicions that it was the result of a security breach.

Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.

The good news is that Apple had sensitive personal information encrypted, and hopefully in time Apple will be able to rule out the possibility entirely that any unencrypted information was compromised.

The developer portal is used by iOS and Mac developers for managing their developer accounts and apps, as well as accessing areas like developer forums to discuss technical issues. While it's normal for the site to go down for routine maintenance from time to time, extended outages like this are uncharacteristic, prompting concerns of a privacy breach starting yesterday.

We will continue to post more details as they become available.

Update: Security researcher claims to have reported bugs shortly before Apple took down its developer portal

Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at POSSIBLE Mobile. Writes on neglectedpotential.com about QA & security, and as @noir on Twitter about nothing in particular.

More Posts

 

-
loading...
-
loading...
-
loading...
-
loading...

← Previously

Week in review: Developer portal woes, acquisitions, Logic Pro X and more!

Next up →

Security researcher claims to have reported bugs shortly before Apple took down its developer portal

Reader comments

Apple reveals they took down Developer Center due to intrusion, completely overhauling system

13 Comments

I'd say that when talking in the grand scheme of it, they are pretty darn good. And when the sh*t inevitably did hit the fan (like it has for a vast majority of major players), I think Apple's response was one of the better ones I've seen. Not only did they IMMEDIATELY take down the system, but they are completely redesigning and overhauling their system, not to mention building their servers back from scratch, just in case any of the backups were compromised.

Maybe it was the NSA or some sys admin working as a contractor for the NSA. SHRUG!! But seriously, their response was immediate and rebuilding the servers and databases hopefully won't take forever.

Rebuilding their databases is of little comfort when the data in them will be the same and potential names/addresses/email/passwords have already been taken.

Great, so some moron has posted a load of email addresses over YouTube, brilliant, I'm sure that makes everyone feel better!

The link says, "The supposed researcher claims that he has obtained more than 100,000 encrypted user details by exploiting bugs on Apple's Dev Center website. In an a video he posted to YouTube, Balic shows a handful of names and email addresses found in raw data allegedly taken from the Dev Center." -- If he's a legit researcher, why the f did he "obtain" more than 100,000 encrypted user details?? Doesn't pass the smell test...

I think the claim that the records are encrypted is a result of Apple's statement saying sensitive personal information is encrypted. The video the researcher posted seems to suggest that the records he obtained were plaintext.

Still... the guy claims his actions are/were benign... yet he took over 100k user's data... that's not benign in my book.