An Apple developer website was hacked last week, and has remained offline for days after an attack which Apple admits may have exposed, “names, mailing addresses, and email addresses.” A security researcher has claimed that the hack exposed up to 100,000 users’ details.
The intrusion has sparked a security overhaul of the developer site, which remained offline for days in the wake of the attack. “In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database,” Apple said in a statement.
A UK-based researcher claimed responsibility for the attack via his YouTube channel and a post on TechCrunch, saying, “My name is Ibrahim Balic, I am a security researcher. You can also search my name from Facebook’s Whitehat List. Recently I have started doing research on Apple inc.
“One of those bugs have provided me access to users details etc. I immediately reported this to Apple. Four hours later from my final report Apple developer portal gas closed down and you know it still is. I have over 100.000+ users details and Apple is informed about this. I didn’t attempt to get the datas first and report then, instead I have reported first.”
Apple has not as yet publicly confirmed or denied Balic’s report. The company said in its statement, “Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website.”
“Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed,” the company said. “In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.”
Author Rob Waugh, We Live Security