News: Apple Developer Site Hacked
At the end of last week, a number of developers noticed that Apple’s Developer Center was down for maintenance for days—a rather unusual occurrence. Today, a notice was posted on the site, indicating that it had been hacked at the end of last week. At this point, only the names, addresses, and/or email addresses for some developers may have been accessed, while all sensitive information was encrypted. iTunes account information is located on different servers.
The notice posted on the site reads:
We’ll be back soon.
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.
If your program membership was set to expire during this period, it has been extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us.
Thank you for your patience.
Apple provided additional information to Macworld, as reported by Lex Friedman later this afternoon:
Apple did confirm to Macworld that the website that was breached was not associated with any customer information; all customer information is securely encrypted, a company spokesperson said. The attacker also did not have access to app code, or the servers where app information is stored, Apple told Macworld. The company declined to comment on whether legal authorities were involved in its investigation of the hack.
Furthermore, The Loop’s Jim Dalrymple received some additional information from a conversation with someone from Apple:
First of all, this does not effect iTunes customer accounts—this is a different system and all iTunes customer information is completely safe, Apple told me.
It’s also important to note that the hacker did not get access to any app code or even the servers where the app information was stored. The hacker also did not get access to any credit card information.
The only thing that the hacker could have gotten access to was the names, email addresses and mailing addresses of the developers. At this point, Apple doesn’t know if the hacker even managed to see that information. Worse case, that is all the information they would have seen, according to Apple.