Apple (NASDAQ:AAPL) is scrambling to fix a security hole in its Developer Center site. It's been down 'for maintenance' since Thursday, but now the company's confessed it was hacked, and that some personal information was stored unencrypted. However, a Turkish security researcher based in London says he reported the problem and that he's not a hacker at all.
In IT Blogwatch, bloggers get to the bottom of the situation.
Your humble blogwatcher curated these bloggy bits for your entertainment.
Marco Arment started getting antsy yesterday:
It’s now been almost three full days. ...for a web service to be down this long with so little communication [the] most likely explanation [is] data loss, with trouble restoring from backups [or a] security breach.
...if you’re an iOS or Mac App Store developer, I’d suggest leaving some free time in the schedule this week.
Later, Liz Gannes brought the news:
Apple’s developer site was accessed by “an intruder” last Thursday. ...potentially vulnerable names and addresses had not been encrypted [so] Apple is “completely overhauling our developer systems, updating our server software, and rebuilding our entire database.”
[It] went down Thursday, and was first marked with a notice saying it was down for maintenance. Later, it was updated with a notice saying, “We apologize that maintenance is taking longer than expected.”
via Lex Friedman, here's Apple's announcement to developers:
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. ...we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. ... We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. ...we expect to have the developer website up again soon.
But this security researcher, Ibrahim Balic, claims to have alerted Apple to the problem:
I have found 13 bugs and have reported through http://bugreport.apple.com. ... One of those bugs has provided me access to users' details etc. I immediately reported this.
4 hours later from my final report Apple developer portal has closed down. ... I have been waiting since then for them to contact me, and today I'm reading news saying that they have been attacked and hacked. ... I'm not feeling very happy with what I read and a bit irritated. ... being announced as a hacker is frustrating.
Meanwhile, Joshua Atkin is sure his developer account details have leaked:
Well, I know the hacker got my email, because someone attempted to change my password 3 times this weekend.
Since day 1 of my Apple account, this has never happened, then it happens 3 times in a short period [when] Apple's developer's site gets hacked, where they admit it's possible he got emails.