Apple admits their Dev Center was hacked, some info may have leaked

Hackers have been having a hell of a time during this past weekend, with both Ubuntu and Apple getting hit. Apple’s developers website went down on Thursday of last week and after a few days the company finally admitted there was a breach in their security.

At first Apple’s website only displayed “Maintenance is taking longer than expected”, but as the offline period stretched into the weekend many folks began to wonder if there wasn't something more serious going on.

Finally Apple started displaying a message explaining that hackers had indeed breached its security systems, and that some info may have been leaked. According to the notice found on the website, sensitive personal information was encrypted but some developers’ names and addresses may have been compromised.

The website is still offline as of this writing, and that’s because, at least according to Apple, they are completely revamping their security software; though some would say that upgrading your software after the breach is too little, too late.

Via: Nakedsecurity

26 Comments

For those of you that may not be taking this seriously: I have been in IT security meetings for the last 2 hours on this. I do work for a Fortune 100 company and we have a little over 10K iOS devices in use throughout the company. While Apple says that the data wasn't compromised, we cannot take that chance. We now consider all certs (mdm, provisioning profiles, and csr) to be dead. We use a very large mdm platform to secure our devices and as of this morning that mdm cert on it is no longer valid. This for us is a real cluster****. As soon as we have access to our account we have to revoke the mdm cert, all provisioning profiles, all development certs.

Tom van Zummeren said,
Guys... this was not an attack. A security researcher already admitted that he was the cause of this mess.

http://www.youtube.com/watch?v=q000_EOWy80

He went about reporting that incorrectly. Copying the details of 100,000 users off the system before reporting the bugs to Apple is not entirely within the spirit of researching a vulnerability. I suspect he's going to get nailed.

Lol what a funny video 'i did not break any laws i did it all correct and legally' yeah, so when is it legal to STEAL people's personal info that they haven't given you nor given you permission to use? I hope someone batters him into a sand dune.

n_K said,
Lol what a funny video 'i did not break any laws i did it all correct and legally' yeah, so when is it legal to STEAL people's personal info that they haven't given you nor given you permission to use? I hope someone batters him into a sand dune.

Accessing a secure or insecure network without permission is in violation of laws in most countries. A hack is a hack, regardless of the intention. If he did report the situation/details to Apple then good, but it's still a hack.

Wait.. they were hacked on Thursday, and only now comment about it? And they say that's the "spirit of transparency"??? Have I read this wrong??

Sly_Ripper said,
Guess what, it takes a while to check all the access logs.

I think Apple's intrusion detection system is more complex than a sweaty nerd with steamy glasses checking Apache access logs.

They knew they were hacked on Thursday, they could have taken it down and immediately said they were investigating and more information will be available soon. Instead it just said it was down for maintenance.

This is my biggest issue with this. As an iOS developer I was totally in the dark as to what was happening. It was an extremely frustrating weekend for me and countless other devs. It was a very poor show from Apple in regards to "transparency"

Let's face facts here, no real Data has been stolen, and no AppIDs or Certs are compromised as Apple do not store any Private Keys on the Dev Portal. The worst case scenario here is somebody gets a little more spam than usual.

CPressland said,
Let's face facts here, no real Data has been stolen, and no AppIDs or Certs are compromised as Apple do not store any Private Keys on the Dev Portal. The worst case scenario here is somebody gets a little more spam than usual.

The least thing I'd be worrying about would be certs being stolen, I'd be more worried about my address and private details and possibly payment details.

n_K said,

The least thing I'd be worrying about would be certs being stolen, I'd be more worried about my address and private details and possibly payment details.

Good thing you can't just google an address and find out who lives there. Hate to break it to you, but your name and your address are public record.

CPressland said,
Let's face facts here, no real Data has been stolen, and no AppIDs or Certs are compromised as Apple do not store any Private Keys on the Dev Portal. The worst case scenario here is somebody gets a little more spam than usual.

Apologists for Apple. The fact that their systems were compromised at all and that it will take days to clean up is a real concern.

There is no such thing as a system that can't be compromised so let's not pretend there is on a tech site where just about everyone knows this one basic fact.

Leopard Seal said,

Apologists for Apple. The fact that their systems were compromised at all and that it will take days to clean up is a real concern.

I don't think that's so much of a concern. The concern is not telling anyone their information may be compromised for several days.