Apple Developer accounts hacked

Status
Not open for further replies.

Interfectum

Member
I got this email last night, posted? The dev accounts have been down since last Thursday and a lot of us have been wondering what's up. Looks like there was a hacking attempt.

We’ll be back soon.

Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.

If your program membership was set to expire during this period, it has been extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us.

Thank you for your patience.

http://devimages.apple.com/maintenance/
 
A new twist:

In a comment made on TechCrunch, Ibrahim Balic identified himself as a "security researcher" who attempted to point out serious issues to Apple about its Dev Center website. His comments came in response to an admission by Apple on Sunday that its developer website was hacked.

Sensitive personal information included on the registered developers website was encrypted, and Apple does not believe the information can be accessed. But Balic suggested he has been able to obtain some user details as evidence to Apple of an apparent security flaw.

Balic said he found a total of 13 bugs on Apple's site, one of which provided him with access to user information. He claims to have taken 73 user details — all of whom are Apple employees — and given them to the company as an example.

But 4 hours after he gave that user data to Apple, the company shut down its Dev Center website. The outage began last Thursday and has remained ever since, while Apple has worked "around the clock" in an effort to patch the apparent security issues.

Balic's public comments are apparently in an effort to clear his name, as he said he's "not feeling very happy" about how the situation has been portrayed. He also said he's concerned about potential legal action against him.

"I did not done this research to harm or damage," he wrote in his comment. "I didn't attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the datas for the porpoise (sic) of seeing how deep I can go within this scope."

http://appleinsider.com/articles/13...eveloper-site-says-he-meant-no-harm-or-damage
 
"I didn't attempt to publish or have not shared this situation with anybody else."
The video he released showed AppleID data from people he took, unmasked. Even if these were in fact just Apple employees, he still showed this data unmasked to the public. Not very clever.
 
Would this include non-paid developer accounts? I had to set one up eons ago to get access to Xcode. Or does registered mean those that are paying?
 
This guy is gonna get the book thrown at him. You can't do this shit unless you work for the company in question. Having good intentions doesn't make this kind of thing okay.
 
This guy is gonna get the book thrown at him. You can't do this shit unless you work for the company in question. Having good intentions doesn't make this kind of thing okay.

Eh, if white hats didn't do this sort of thing, most companies would never even notice the issue.
 
This guy is gonna get the book thrown at him. You can't do this shit unless you work for the company in question. Having good intentions doesn't make this kind of thing okay.

Actually, a lot of tech companies encourage hackers to report anything of this sort to them. I believe Facebook recently paid a guy £20k or something crazy for pointing out security flaws with them directly.

If this guy made public the flaw prior to a fix though he's screwed.
 