Apple have confirmed that their Developer Centre website has been hacked, but have yet to confirm the extent to which users’ personal information has been compromised.
Since Thursday July 18 the Developer Centre site has been offline with a message apologizing for the inconvenience and explaining that “maintenance is taking longer than expected.”
Now, after developers had vented their annoyance at being so poorly treated by Apple, the company have released a new statement saying: “Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. “
“Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed.”
Apple have said that no customer information has been compromised as the site is for developers' use only, usually to provide software updates ahead of their general release.
The site’s downtime will therefore be detrimental for developers as they rush to test out apps and software with the upcoming updates to Apple’s operating systems, iOS 7 and OS X Mavericks. However, this means that the attack will not affect general customers, with iTunes and the App Store functioning as normal.
A UK-based Turkish security researcher, Ibrahim Balic, has claimed responsibility for the attacks, but insists that he is conducting legitimate researcher and is not a hacker. In a video posted on YouTube Balic shows some of his ‘method’, saying:
“I have done All these pentest, adhering to the regulations and law and without damaging the prestige of the company, off course this can not be expressed in words how much I love doing my job.”
“I have all the detected bugs reported apple company and waiting to be fixed. I will be deleting all the datas I have, only got all these datas to see just how deep I can go. Also have informed apple before taking these datas.” [sic]
In a comment left on Tech Crunch Balic has expanded upon these claims, saying that he found thirteen bugs in total and that he was able to access “over 100.000+ user details”.
Although Balic’s motivations may have been altruistic the video he posted on YouTube does show the names and details of individual Apple users, and as he was operating without Apple’s permission the company could certainly pursue legal action against him.