
Apple says its developer site was hacked, but that sensitive data was encrypted

post #1 of 106
Thread Starter 
Apple reported that its website for third party developers was compromised by "an intruder" seeking access to personal information. The site remains offline as the company investigates the matter and works to "completely overhaul" the system in a bid to prevent future attacks.


Source: Apple


The site, which has remained offline since Thursday, provides development tools, documentation and advanced developer preview versions of the company's unreleased software, including iOS 7 and OS X Mavericks.

Most of the site's content is restricted to registered developers who work with Apple under a nondisclosure agreement (NDA). Some additional developer resources outside the restricted site remain available.

A statement released by Apple today stated that "Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers' names, mailing addresses, and/or email addresses may have been accessed."

"In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then."

The statement added, "In order to prevent a security threat like this from happening again, we're completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."

A report by Liz Gannes of the Wall Street Journal "All Things Digital" blog cited Apple spokesman Tom Neumayr as clarifying that "the website that was breached is not associated with any customer information. Additionally, customer information is securely encrypted."

The site's unavailability is an inconvenience for developers seeking to access the company's developer resources, which include documentation, advanced developer seeds, and a secure messaging system that allows developers from different companies to meet and discuss matters that would otherwise be restricted under their NDA.

The site is also used to manage access to deploy developers' own apps for internal testing, to register devices for testing purposes (including installation of iOS 7 seeds), to manage developer certificates used to submit apps to Apple for sale through the App Store, and for managing deployed titles.

It's also both an embarrassment and a disruption for Apple, which is racing to complete major upgrades for both its mobile and desktop operating systems this fall, in addition to releasing a new version of Xcode.
post #2 of 106
Maybe they'll finally hire some excellent Web developers to manage their developer site and online tools. It's always been embarrassingly bad compared to all other Apple products and resources. Throw $20 million/year at it and make it a world-class operation.
post #3 of 106
The breach is not too serious in my opinion. Names and email addresses of developers are not super sensitive information. But I expect Apple stock to tank on Monday. It goes down on good news, bad news, any news!
post #4 of 106
Quote:
Originally Posted by malax View Post

Maybe they'll finally hire some excellent Web developers to manage their developer site and online tools. It's always been embarrassingly bad compared to all other Apple products and resources. Throw $20 million/year at it and make it a world-class operation.

 

Agree. Their web services have been embarrassingly bad, since the day of .mac, MobileMe and now iCloud. iCloud syncing works about 70% of the time for me, the rest, it just hangs when trying to upload a document. Siri, after 2 years, is still slow, when Google Now makes you think your device is doing magic. And let's not talk about the horrendous download speed from the App Store. Some larger games (like Infinity Blade 2 @ 1.1GB) take well over an hour to download on my 30Mbps connection.

 

Oh... and on the new Xcode... it's too flat, and may even be a bit... ugly???

post #5 of 106
Quote:
Originally Posted by malax View Post

Maybe they'll finally hire some excellent Web developers to manage their developer site and online tools. It's always been embarrassingly bad compared to all other Apple products and resources. Throw $20 million/year at it and make it a world-class operation.

What sort of mismanaged website needs twenty million a YEAR?! Or at all, for that matter.

They said they're redoing it from scratch already.

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
post #6 of 106
Quote:
Originally Posted by zoffdino View Post

The breach is not too serious in my opinion. Names and email addresses of developers are not super sensitive information. But I expect Apple stock to tank on Monday. It goes down on good news, bad news, any news!

Any breach is serious.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
post #7 of 106
Sorry to be picky, but the poorly constructed second sentence is shocking. Very un-Apple-like

The company really needs to hire a decent copy editor who vets stuff like this.
post #8 of 106

If we would cut all Internet lines to China, the digital world would be a much better place.

post #9 of 106
Quote:
Originally Posted by zoffdino View Post

The breach is not too serious in my opinion. Names and email addresses of developers are not super sensitive information. But I expect Apple stock to tank on Monday. It goes down on good news, bad news, any news!

 

Apple is sure taking it seriously, and rightfully so. 

post #10 of 106
Quote:
Originally Posted by AppleZilla View Post

If we would cut all Internet lines to China, the digital world would be a much better place.

And Russia
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
post #11 of 106
Quote:
Originally Posted by AppleZilla View Post

If we would cut all Internet lines to China, the digital world would be a much better place.

Their government would feel better about it, at least.

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
post #12 of 106
Quote:
Originally Posted by DroidFTW View Post

Apple is sure taking it seriously, and rightfully so. 

Yep. They didn't confirm being hacked but rather that someone tried. But they are informing folks just in case and acting under the assumption that if they didn't get in they might have gotten close enough to use what they have for a second attempt.

Totally perfect response.

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

post #13 of 106

What a coincidence, as DED just published an editorial lambasting Google for not giving enough thought to security.

post #14 of 106
Quote:
Originally Posted by rjc999 View Post

What a coincidence, as DED just published an editorial lambasting Google for not giving enough thought to security.

Did you miss the part where Apple wasn't actually hacked?

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
post #15 of 106
Quote:
Originally Posted by malax View Post

Maybe they'll finally hire some excellent Web developers to manage their developer site and online tools. It's always been embarrassingly bad compared to all other Apple products and resources. Throw $20 million/year at it and make it a world-class operation.

Well, why don't you apply for the job?

post #16 of 106
Quote:
Originally Posted by charlituna View Post


Yep. They didn't confirm being hacked but rather that someone tried. But they are informing folks just in case and acting under the assumption that if they didn't get in they might have gotten close enough to use what they have for a second attempt.

Totally perfect response.

 

Quote:
Originally Posted by Tallest Skil View Post


Did you miss the part where Apple wasn't actually hacked?

 

Of course they were hacked.  Even DED recognizes that, just read the title of the article.  Apple wouldn't cut their developer services off for days to do a complete overhaul of developer systems, update server software, and rebuilding of their entire database just because someone unsuccessfully tried to access their system.


Edited by DroidFTW - 7/21/13 at 7:11pm
post #17 of 106
Quote:
Originally Posted by zoffdino View Post

The breach is not too serious in my opinion. Names and email addresses of developers are not super sensitive information. But I expect Apple stock to tank on Monday. It goes down on good news, bad news, any news!

 

Names, email addresses, and mailing addresses. How can you downplay this?

 
Quote:
Originally Posted by Tallest Skil View Post


Did you miss the part where Apple wasn't actually hacked?

 

From The Verge:

 

 

Quote:
During the downtime, Apple indicated that the site was undergoing maintenance, but did not address malicious activity — leading some developers to question if the site had been hacked. As Neowin reported on Saturday, some developers indicated on Twitter that they had received password reset emails from Apple, fueling speculation that the site had been compromised.

 

http://www.theverge.com/2013/7/21/4543878/apple-completely-overhauling-developer-site-after-intrusion

post #18 of 106
Quote:
Originally Posted by DroidFTW View Post

Of course they were hacked.


Quote:
Even DED recognizes that, just read the title of the article.

Yes, because AppleInsider's article titles have always been 100% accurate, word for word representations of

1. reality
2. proper grammar

I don't need a period there. I don't need a temherte slaqî. I don't need any punctuation.
Quote:
Apple wouldn't cut their developer services off for days to do a complete overhaul of developer systems, update server software, and rebuilding of their entire database just because someone unsuccessfully tried to access their system.




That's fine, anyway. It needed an overhaul; now they have an excuse to take it down all the way to do it!

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
post #19 of 106
Quote:
Originally Posted by dasanman69 View Post


And Russia

And the NSA.

post #20 of 106
Quote:
Originally Posted by Tallest Skil View Post


Did you miss the part where Apple wasn't actually hacked?

Did you miss the part where they were? If they weren't hacked, Apple would not have taken down the site. Apple said they cannot rule out that people's information had been taken, and lo and behold, lots of people are reporting password reset attempts which implies they at least got a hold of the username database. Point is, we get lots of apologetics here explaining away Apple fuckups, people look the other way, while other companies are raked over the coals. You can bet if a similar thing had happened to developers.google.com or developers.android.com, the same people looking to hand-wave away the issue or give the benefit of the doubt would be raising pitchforks.

 

Frankly, the reason the site is still down is because they don't know the degree to which they were penetrated. Hackers could have left more backdoors and exploits around in their network. Obviously, they are conducting an investigation, and don't want to put the site back up while they do it.

post #21 of 106
Guess that Apple should have continued to use Solaris/Sun/Oracle like they did before iCloud.

Using HP machines Azure will never work 100% (or 99.9995% that is acceptable downtime) or be secure.

Apple should use their own Xserve/Unix servers. Not play around.....

Guess it's the same old problem:
Old unpatched SSH SQL injection.
post #22 of 106
Quote:
Originally Posted by rjc999 View Post

Did you miss the part where they were? If they weren't hacked, Apple would not have taken down the site.

Mhmm. Say, the Apple Store goes down a lot. You don't think...
Quote:
Apple said they cannot rule out that people's information had been taken...

Which is true of any access to any website for any purpose.
Quote:
...lots of people...

I see one.

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
post #23 of 106

Apple said there was an intrusion, I received one of these E-mails myself, so they were hacked as far as the term goes.  What they could not confirm was whether the intruder actually accessed any developer data, but regardless, personal data, including my name and home address, was compromised.

post #24 of 106
Quote:
Originally Posted by dasanman69 View Post

And Russia
And South Korea. Perhaps some cell phone manufacturer trying to get a jump on the next big thing now that their inside data faucet has been turned off.
post #25 of 106

Hacking is like fragmentation or malware. All websites/companies get hacked just like all OS's have fragmentation or are subject to malware.

 

However, it's not black & white. You can have your website disrupted or you can have information stolen (perhaps only a few accounts or things like e-mails all the way up to hackers getting everything as if they had physical access to the server backups).

 

Nonetheless, this won't stop the trolls from proclaiming this was a serious breach and loss of information just like they claim that Android and iOS are somehow equal in terms of fragmentation or malware.

post #26 of 106
Quote:
Originally Posted by Epsyco View Post

 but regardless, personal data, including my name and home address, was compromised.

 

Wrong. Apple said "some developers names, e-mails and addresses may have been accessed". You can't claim your name and address were accessed because you don't know.

post #27 of 106
Quote:
Originally Posted by EricTheHalfBee View Post

Wrong. Apple said "some developers names, e-mails and addresses may have been accessed". You can't claim your name and address were accessed because you don't know.

Similarly, it cannot be said that because you got a password reset e-mail that you were specifically affected.

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
post #28 of 106
Quote:
Originally Posted by EricTheHalfBee View Post

 

Wrong. Apple said "some developers names, e-mails and addresses may have been accessed". You can't claim your name and address were accessed because you don't know.

I'm not saying the data was accessed, I'm saying its security was compromised.

post #29 of 106
Quote:
Originally Posted by Tallest Skil View Post



Yes, because AppleInsider's article titles have always been 100% accurate, word for word representations of

1. reality
2. proper grammar

I don't need a period there. I don't need a temherte slaqî. I don't need any punctuation.



That's fine, anyway. It needed an overhaul; now they have an excuse to take it down all the way to do it!

That's exactly what this was. It was an opportunity to take down the site lock stock and barrel and put up the new stuff.

post #30 of 106
Quote:
Originally Posted by Tallest Skil View Post



But at what point is an intruder an intruder? The name suggests that he/she actually got in, now whether or not they were able to access any info is a different story. I see it as someone breaking into a house but upon getting in finds that all the valuables are stored in safes.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
post #31 of 106
Quote:
Originally Posted by zoffdino View Post

 

Agree. Their web services have been embarrassingly bad, since the day of .mac, MobileMe and now iCloud. iCloud syncing works about 70% of the time for me, the rest, it just hangs when trying to upload a document. Siri, after 2 years, is still slow, when Google Now makes you think your device is doing magic. And let's not talk about the horrendous download speed from the App Store. Some larger games (like Infinity Blade 2 @ 1.1GB) take well over an hour to download on my 30Mbps connection.

 

Oh... and on the new Xcode... it's too flat, and may even be a bit... ugly???

 

OMG just shut up  Nothing you are saying here is relevant to what's going on at all, and most of it is just your personal opinion based on nothing.  

post #32 of 106
Quote:
Originally Posted by dasanman69 View Post


But at what point is an intruder an intruder? The name suggests that he/she actually got in, now whether or not they were able to access any info is a different story. I see it as someone breaking into a house but upon getting in finds that all the valuables are stored in safes.

 

I'll lay it out for you.

 

1) the site was hacked

2) the nature of the attack was an attempt to access developer's personal information.

3) at some point it was discovered, the big red button was pushed and everything was shut down

4) they are trying to figure out if any information was actually obtained. 

 

Therefore both the title of this article and the phrasing of Apple's email statement are actually correct, and both agree with each other.  

 

5) There is a missing "the" that should be the eighth word of the second sentence of Apple's statement, but I'm guessing whomever wrote it was a little stressed at the time. 

post #33 of 106
Quote:
Originally Posted by malax View Post

Maybe they'll finally hire some excellent Web developers to manage their developer site and online tools. It's always been embarrassingly bad compared to all other Apple products and resources. Throw $20 million/year at it and make it a world-class operation.

http://www.datacenterknowledge.com/the-apple-data-center-faq-part-3/

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #34 of 106
Quote:
Originally Posted by drblank View Post

Well, why don't you apply for the job?

His resume says, "I once criticized Apple's security on the Internet."

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #35 of 106
Quote:
Originally Posted by zoffdino View Post

The breach is not too serious in my opinion. Names and email addresses of developers are not super sensitive information. But I expect Apple stock to tank on Monday. It goes down on good news, bad news, any news!

Why is the stock always the first thing people think of when it comes to assessing the importance of any issue? Is that the main reason why many here care about Apple?

post #36 of 106
Quote:
Originally Posted by EricTheHalfBee View Post

Hacking is like fragmentation or malware. All websites/companies get hacked just like all OS's have fragmentation or are subject to malware.

 

No.

 

Please don't make up stuff if you don't understand something.

post #37 of 106

I'm immediately thinking "Samsung"

post #38 of 106
Quote:
Originally Posted by anantksundaram View Post

Sorry to be picky, but the poorly constructed second sentence is shocking. Very un-Apple-like

The company really needs to hire a decent copy editor who vets stuff like this.

Can be easily fixed by replacing the comma in front of "however" to a semi-colon. Quite possibly just a typo. This type of message is likely vetted by a lawyer and not a copy editor.


Edited by ankleskater - 7/21/13 at 8:48pm
post #39 of 106

Apparently, the "intruder" was a "security researcher".

 

Youtube Video

 

Edit : Ok I've removed the video because of a complaint from Gazoobee that it was publicity for this guy, even though the video will probably be in a ton of news articles and on Twitter this morning when tech journalists wake up. We will certainly hear more about the guy soon, considering the implications.

 

Now the video is still quoted in Gazoobee's post at the time of writing this...


Edited by VL-Tone - 7/21/13 at 11:42pm
post #40 of 106
Quote:
Originally Posted by charlituna View Post


Yep. They didn't confirm being hacked but rather that someone tried. But they are informing folks just in case and acting under the assumption that if they didn't get in they might have gotten close enough to use what they have for a second attempt.

Totally perfect response.

More perfect if they had distributed the message to the developers earlier.
