
Apple’s developer site hacked, remains down for a rebuild

Apple has announced the cause of its developer centre downtime over the weekend, citing attempts by an intruder to retrieve limited developer information.


Following a weekend of outage, Apple has confirmed that an attempt by an intruder to retrieve developer information was what shut it down.

The notice, which went up on Apple’s developer Member Center late last night, gives some details of the intrusion. It reads:

Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.

If your program membership was set to expire during this period, it has been extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us.

Thank you for your patience.

Rumours of such a situation have been building in developer communities over the weekend, with little information being given to explain the Member Center’s downtime beyond the assurance that developer accounts that had expired and required renewal wouldn’t result in their apps being pulled from the stores.

The Loop’s Jim Dalrymple spoke with Apple, which confirmed the details already given but was also keen to point out that no iTunes customer account details were accessed, as these are stored on a different system. Likewise, app code and the servers where apps are stored were not accessed, ruling out the possibility that this intrusion could result in malware on the App Store.

At the same time as Apple’s announcement, security researcher Ibrahim Balic has claimed that he reported vulnerabilities in Apple’s developer portal before it went down. In a YouTube video, Balic stated he was able to access over 10,000 users’ information, belonging to both developers and regular users, although he does intend to delete it. This claim has yet to be confirmed by Apple, but expect an update to this story if anything changes.
