Apple’s Developer Website is still down after an intruder attempted to access sensitive information, but more details are emerging about what might have happened.
According to Apple, the intruder managed to bypass the Website’s defenses sometime on July 18 and “secure personal information of our registered developers.” While that personal data is encrypted, the company cannot rule out the possibility “that some developers’ names, mailing addresses, and/or email addresses may have been accessed.”
Apple took the Developer Website down July 18 and set to work overhauling the security. That means updating the server software and rebuilding the database—tasks that could take sizable amounts of time, as suggested by the Website still being down. “We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon,” the Website’s note added.
A few days after the breach, things got a little more interesting when Ibrahim Balic, who claims to be a “security researcher,” posted a video on YouTube suggesting that he had broken into Apple’s Developer Website in order to highlight the system’s vulnerabilities. The video shows the email addresses and names of what could be a few Apple-affiliated developers.
“I have all the detected bugs reported apple company and waiting to be fixed,” reads text that ends the video. “I will be deleting all the datas I have, only got all these datas to see just how deep I can go.” Balic added that he’d “informed apple before taking these datas.”
In a follow-up interview with The Guardian, Balic reportedly said: “My intention was not attacking. In total I found 13 bugs and reported [them] directly one by one to Apple straight away. Just after my reporting [the] dev center got closed.”
But did Balic actually hack Apple’s Developer Website? That’s a good question, and one that—knowing Apple’s penchant for secrecy—may never be answered in an official way. In any case, this is an iffy milestone for Apple: it’s the first time the company’s suffered the same sort of widespread security breach that’s affected other tech giants over the past few years. Apple’s engineers will try to make sure it’s the last.