Apple's developer portal was hacked into on Thursday and an intruder managed to obtain some personal information from registered developers, Apple has announced.
"Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed," wrote Apple in an announcement.
Apple immediately took down the developer portal and promised a complete overhaul of its developer systems, including updating the server software and rebuilding the entire database to ensure the integrity and protection of its data. Any registered developer whose program membership was set to expire during this downtime has been granted an extension automatically, Apple said.
Recent updates identify a security researcher who has claimed responsibility for the breach of Apple's developer portal. The researcher, Ibrahim, released a YouTube video outlining the breach and stating that it occurred while he was researching the security of Apple's developer portal.
According to his Twitter, on 19th July, he found 13 security-related bugs within Apple's developers centre and filed those bug reports with Apple. Within four hours of the final bug report, Apple took its developers centre offline.
In a comment (below) on TechCrunch, he claimed he was able to get the names and email addresses of 100,000 users though he says he has no intention of keeping the data and will remove it.
My name is Ibrahim Balic, I am a security researcher. You can also search my name from Facebook's Whitehat List. I do private consulting for particular firms. Recently I have started doing research on Apple Inc.
In total I have found 13 bugs and have reported through http://bugreport.apple.com. The bugs are all reported one by one and Apple was informed. I gave details to Apple as much as I can and I've also added screenshots.
One of those bugs has provided me access to users details etc. I immediately reported this to Apple. I have taken 73 users details (all Apple Inc. workers only) and prove them as an example.
4 hours later from my final report Apple developer portal was closed down and you know it still is. I have emailed and asked if I am putting them in any difficulty so that I can give a break to my research. I have not gotten any response to this... I have been waiting since then for them to contact me, and today I'm reading news saying that they have been attacked and hacked. In some of the media news I watch/read that whether legal authorities were involved in its investigation of the hack. I'm not feeling very happy with what I read and a bit irritated, as I did not do this research to harm or damage. I didn't attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the data for the purpose of seeing how deep I can go within this scope. I have over 100.000+ users details and Apple is informed about this. I didn't attempt to get the data first and report then, instead I have reported first.
I do not want my name to be on a blacklist, please search on this situation. I'm keeping all the evidence, emails and images; also I have the records of bugs that I made through Apple bug-report.
If this claim is true, this breach could be some good news for Apple (all things relative) as no Apple developer passwords were revealed nor does it appear that mailing address information was obtained.
Apple has promised a complete overhaul of its developer systems.