When Apple’s developer site went down on Thursday, the company put up a short notice saying that maintenance work was taking place. However, after 24 hours, the site was still offline, leading some to believe that it was more than just a bit of routine tinkering taking place. And they were right.
Three days after the site went down, and with developers becoming increasingly concerned about the reasons for the outage, Apple sent out an email explaining that, in fact, the site had suffered a security breach.
The message (below) – also posted on the Member Center webpage where developers usually log in – said “an intruder” had entered the site last week in an attempt to steal personal data from registered developers. While Apple was certain in the belief that sensitive personal information of registered developers had not been accessed, it said it could not “rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed.”
The tech giant said that to prevent a similar breach happening again, it was working to overhaul its developer systems, update its server software, and rebuild its database.
The site, which provides third-party software developers with app-related resources, information and downloads, was still down late Sunday evening, with no indication given as to when it might be back online.
Speaking to AllThingsD about the incident, Apple spokesman Tom Neumayr said that while he wasn’t prepared to go into detail about the flaws in the old system or the work being done to correct the issue, he wanted to make clear that no information belonging to customers was stolen.
Meanwhile, in another development Sunday evening, security researcher Ibrahim Balic claimed on TechCrunch that on Thursday he reported to Apple a number of security weaknesses he’d found on the developer site, adding that he had been able to access personal details of a number of users. Hours later the Cupertino company took it offline.
Balic, who insists his work had no malicious intent, believes his findings may be the reason the site was taken down, although Apple is yet to contact him about his bug reports.
Below is Apple’s full message to developers:
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.
If your program membership was set to expire during this period, it has been extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us.
Thank you for your patience.