ED#157 : Apple's Developer Website Gets Hacked!
After taking their Developer portal (developer.apple.com) offline since Thursday, Apple has finally admitted that the portal had been hacked, and worse, that some information about its developers may have been stolen as well. Here is their rather terse notice on the hacking :
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers' names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we're completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.
Ibrahim Balic, a Turkish security researcher has just taken credit for this "significant inconvenience", claiming that he only did it to show that Apple's security hole was real. He posted a video on YouTube on this security hole, that has been made private. According to news reports, he claimed that "I have reported all the bugs I found to the company and waited for approval." with the said bug report filed on 19th of July, the same day the portal went down.
Although Balic claims that his intentions were noble, some developers have reported that they have received notification of requests to have their Apple ID passwords reset. That would imply that either Balic, or some other hacker who also gained access to the portal, was attempting to exploit the leaked data. Whether it was for testing purposes, or for a more malicious purpose is hard to tell.
Balic himself informed the UK's The Guardian newspaper that "My intention was not attacking. In total I found 13 bugs and reported [them] directly one by one to Apple straight away. Just after my reporting [the] dev center got closed. I have not heard anything from them, and they announced that they got attacked. My aim was to report bugs and collect the datas [sic] for the purpose of seeing how deep I can go with it."
The good news is that the fallout of this hacking attack is only limited to the 275,000 or so registered Apple developers, and does not involve the hundreds of millions of App Store and iTunes users all over the world... yet.
- WhatsApp Is Moving To A Subscription Model? Don't Panic!
- Bad Day : Always Reboot Windows First!
- Apple App Store's 5th Anniversary Freebies
- The NVIDIA Control Panel Memory Leak Problem
- How To Set Your Bluetooth Headset As Your Default Audio Device
- Your Wireless Mouse Or Keyboard Acting Up? Blame USB 3.0!
- Website Problems With Internet Explorer 10? Switch Modes!
- ActiveX Filtering In Internet Explorer 9 And 10 Kills Adobe Flash Player
- Backdoors Found In Bitlocker, FileVault and TrueCrypt?
If you have a scoop you want to share with us, just contact us! It doesn't have to be Internet-related. It can be anything in the tech industry, from mobile phones to P2P software. Just drop us a message!
Support Tech ARP!
Questions & Comments
If you have a question or comment on this editorial, please feel free to post them here!