Breach, Data Security, Incident Response, TDR

Hackers attempt to steal data of Apple developer site members

Apple is warning members of its developer website that hackers tried to obtain their personal information by targeting company servers.

On Sunday, Apple revealed that its Apple Developer Center website had been down for three days because of an orchestrated effort by attackers.

“Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website,” says the message posted at Apple's Dev Center site. Developers also received the notice via email.

Apple said that attackers shouldn't be able to do much with users' personal data, however, as the compromised information – developers' names, mailing addresses and email addresses – was encrypted.

In an effort to prevent future attacks, the company said it was “completely overhauling" developer systems, rebuilding the entire database and updating server software.

On Monday, reached out to Apple, but did not immediately hear back as to what may have left its Dev Center servers vulnerable to being breached.

In its notice, Apple said that since it became aware of the issue on Thursday, it had been “working around the clock” to restore website functionality for users.

UPDATE: A UK-based security researcher may have revealed himself as the "intruder" that breached Apple's servers. 

Ibrahim Balic has taken responsibility for the incident, saying he informed Apple about 13 bugs impacting its systems last Thursday, one being the hole that exposed data from its Dev Center site.

Over the weekend, Balic posted a YouTube video explaining that he recovered more than 100,000 Apple users' personal information by exploiting the bug. On Monday, Balic removed the YouTube video and apologized via Twitter for "sharing some of the confidential information," after individuals questioned whether his disclosure was a responsible move.

Balic claimed that Apple took down the Dev Center site four hours after he disclosed the bugs to the company on Thursday. He admitted his disclosure in the comments section of a Tech Crunch article published on Sunday.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.