Apple is still working to overhaul its Developer Website after last week’s unauthorized intrusion.
According to Apple, an intruder managed to bypass the Website’s defenses sometime July 18 and steal the personal information of an unannounced number of developers. While that personal data was encrypted, Apple couldn’t rule out the possibility that some developers’ names and addresses may have been accessed; it subsequently shut the Website down and began updating the underlying systems.
“We plan to roll out our updated systems, starting with Certificates, Identifiers & Profiles, Apple Developer Forums, Bug Reporter, pre-release developer libraries, and videos first,” Apple wrote in a letter to developers, posted July 25 on The Mac Observer Website. “Next, we will restore software downloads, so that the latest betas of iOS 7, Xcode 5, and OS X Mavericks will once again be available to program members.”
After that, Apple will bring the remaining systems online. The company has posted a System Status dashboard on its Developer Website; as of the morning of July 25, only iTunes Connect and Bug Reporter were online and working normally. That dashboard offers no ETA for a full system restore, however.
A few days after the breach, a “security researcher” named Ibrahim Balic posted a video on YouTube suggesting that he had broken into Apple’s Developer Website in order to highlight the system’s vulnerabilities. The video shows the email addresses and names of what could be a few Apple-affiliated developers.
In a follow-up interview with The Guardian, Balic reportedly said: “My intention was not attacking. In total I found 13 bugs and reported [them] directly one by one to Apple straight away. Just after my reporting [the] dev center got closed.”
Apple has offered no word on whether Balic was truly responsible for the breach, or whether other parties were responsible. But given the importance of the developer community to Apple’s iOS and Mac OS X ecosystems, it’s a near certainty that the company is doing everything possible to ensure that another such intrusion doesn’t occur anytime soon.