Apple says its Developer portal has been hacked and that some information about its 275,000 registered third-party developers who use it may have been stolen.
The portal at developer.apple.com had been offline since Thursday without explanation, raising speculation among developers first that it had suffered a disastrous database crash, and then that it had been hacked, reports the Guardian.
An Apple spokesman said the website that was breached was not associated with any customer information.
“Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed,” wrote Apple in an announcement.
It remained unclear how much, if any, data was compromised or who the attackers were. Apple would not comment on their identity.
The developer connection website contains pre-release software, technology for testing new programs and information about how to code applications for the company’s various products. Apple is currently completing work on new versions of its iOS mobile operating system and its Mac software.
The company hadn’t previously explained why the website became inaccessible Thursday. Some online publications reported that developers said their passwords had been reset, reports the Wall Street Journal.
The information technology giant said in a statement titled “We’ll be back soon” that it made the hack attack known “in the spirit of transparency.”
“In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database,” Apple said, apologizing and adding that they “expect to have the developer website up again soon.”
The company also told developers that their membership, if set to expire, has been extended and all third-party apps will remain on Apple’s app store for the duration.
David Barnard, founder of App Cubby, a company that makes apps for Apple’s devices, said having the site down is an inconvenience. But he said he is not worried about the lost data, since he uses a UPS mailbox for his address and a unique password that could not be used to tap into other sites.
According to recent reports, a Turkish security researcher, Ibrahim Balic, claims that he was behind the “hack” but insists that his intention was to demonstrate that Apple’s system was leaking user information. He posted a video on YouTube which appears to show that the site was vulnerable to an attack, adding: “I have reported all the bugs I found to the company and waited for approval.”
A screenshot in the video showed a bug filed on 19 July – the same day the site was taken down – saying “Data leaks user information. I think you should fix it as soon as possible.”
The video appears to show developer names and IDs. However, a number of the emails belong to long-deprecated services, including Demon, Freeserve and Mindspring.