Apple Developer Site Compromised

Type threatpost
Reporter Dennis Fisher
Modified 2013-07-22T13:41:06


Several days after taking its developer Web site down without a mention of the reason, Apple has revealed that attackers had breached the site. The company said that while it can’t rule out the theft of developers’ data, all of the sensitive personal information was encrypted.

Apple posted a notice on its developer Web site and also sent an email to developers who have accounts with the company, saying that as a result of the breach Apple is making some changes on its back end infrastructure and also is rebuilding the developer database.

“Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then,” the notice says.

“In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.”

Apple’s developer site serves as a resource for people who write apps for the company’s various platforms, including OS X and iOS. The site, as the company said, has been down since July 18, but it wasn’t until Sunday that the company provided any information about the incident or why the site had been taken offline. Apple is a frequent target for attackers of all stripes, as are its users and developers. The company itself admitted earlier this year that it was hit by an intrusion from a group of attackers who used a Java zero day vulnerability. The same group had breached Facebook, as well.

Apple’s iTunes store has been hit by various attacks in recent years, as well.