Apple says its developer site was hacked, but that sensitive data was encrypted

Posted:
in macOS edited January 2014
Apple reported that its website for third party developers was compromised by "an intruder" seeking access to personal information. The site remains offline as the company investigates the matter and works to "completely overhaul" the system in a bid to prevent future attacks.


Source: Apple


The site, which has remained offline since Thursday, provides development tools, documentation and advanced developer preview versions of the company's unreleased software, including iOS 7 and OS X Mavericks.

Most of the site's content is restricted to registered developers who work with Apple under a nondisclosure agreement (NDA). Some additional developer resources outside the restricted site remain available.

A statement released by Apple today stated that "Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers? names, mailing addresses, and/or email addresses may have been accessed."We have not been able to rule out the possibility that some developers? names, mailing addresses, and/or email addresses may have been accessed."

"In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then."

The statement added, "In order to prevent a security threat like this from happening again, we?re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."

A report by Liz Gannes of the Wall Street Journal "All Things Digital" blog cited Apple spokesman Tom Neumayr as clarifying that ?the website that was breached is not associated with any customer information. Additionally, customer information is securely encrypted.?

The site's unavailability is an inconvenience for developers seeking to access the company's developer resources, which include documentation, advanced developer seeds, and a secure messaging system that allows developers from different companies to meet and discuss matters that would otherwise be restricted under their NDA.

The site is also used to manage access to deploy developers' own apps for internal testing, to register devices for testing purposes (including installation of iOS 7 seeds), to manage developer certificates used to submit apps to Apple for sale through the App Store, and for managing deployed titles.

It's also both an embarrassment and a disruption for Apple, which is racing to complete major upgrades for both its mobile and desktop operating systems this fall, in addition to releasing a new version of Xcode.
«13456

Comments

  • Reply 1 of 107
    malaxmalax Posts: 1,598member
    Maybe they'll finally hire some excellent Web developers to manage their developer site and online tools. It's always been embarrassing bad compared to all other Apple products and resources. Throw $20 million/year at it and make it a world-class operation.
  • Reply 2 of 107
    zoffdinozoffdino Posts: 192member
    The breach is not too serious in my opinion. Namand email addreses of developers are not super sensitive information. But I expect Apple stock to tank on Monday. It goes down on good news, bad news, any news!
  • Reply 3 of 107
    zoffdinozoffdino Posts: 192member

    Quote:

    Originally Posted by malax View Post



    Maybe they'll finally hire some excellent Web developers to manage their developer site and online tools. It's always been embarrassing bad compared to all other Apple products and resources. Throw $20 million/year at it and make it a world-class operation.


     


    Agree. Their web services have been embarassingly bad, since the day of .mac, MobileMe and now iCloud. iCloud syncing works about 70% of the time for me, the rest, it just hangs when trying to upload a document. Siri, after 2 years, is still slow, when Google Now make you think your device is doing magic. And let's not talk about the horrendous download speed from the App Store. Some larger games (like Infinity Blade 2 @ 1.1GB) takes well over a hour to download on my 30Mbps connection.


     


    Oh... and on the new Xcode... it's too flat, and may even be a bit... ugly???

  • Reply 4 of 107
    tallest skiltallest skil Posts: 43,399member
    malax wrote: »
    Maybe they'll finally hire some excellent Web developers to manage their developer site and online tools. It's always been embarrassing bad compared to all other Apple products and resources. Throw $20 million/year at it and make it a world-class operation.

    What sort of mismanaged website needs twenty million a YEAR?! Or at all, for that matter.

    They said they're redoing it from scratch already.
  • Reply 5 of 107
    dasanman69dasanman69 Posts: 12,979member
    zoffdino wrote: »
    The breach is not too serious in my opinion. Namand email addreses of developers are not super sensitive information. But I expect Apple stock to tank on Monday. It goes down on good news, bad news, any news!

    Any breach is serious.
  • Reply 6 of 107
    anantksundaramanantksundaram Posts: 19,121member
    Sorry to be picky, but the poorly constructed second sentence is shocking. Very un-Apple-like

    The company really needs to hire a decent copy editor who vets stuff like this.
  • Reply 7 of 107
    applezillaapplezilla Posts: 941member


    If we would cut all Internet lines to China, the digital world would be a much better place.

  • Reply 8 of 107
    droidftwdroidftw Posts: 1,009member

    Quote:

    Originally Posted by zoffdino View Post



    The breach is not too serious in my opinion. Namand email addreses of developers are not super sensitive information. But I expect Apple stock to tank on Monday. It goes down on good news, bad news, any news!


     


    Apple is sure taking it seriously, and rightfully so. 

  • Reply 9 of 107
    dasanman69dasanman69 Posts: 12,979member
    applezilla wrote: »
    If we would cut all Internet lines to China, the digital world would be a much better place.

    And Russia
  • Reply 10 of 107
    tallest skiltallest skil Posts: 43,399member
    applezilla wrote: »
    If we would cut all Internet lines to China, the digital world would be a much better place.

    Their government would feel better about it, at least.
  • Reply 11 of 107
    charlitunacharlituna Posts: 7,215member
    droidftw wrote: »
    Apple is sure taking it seriously, and rightfully so. 

    Yep. They didn't confirm being hacked but rather that someone tried. But they are informing folks just in case and acting under the assumption that if they isn't get in they might have gotten close enough to use what they have for a second attempt.

    Totally perfect response.
  • Reply 12 of 107
    rjc999rjc999 Posts: 69member


    What a coincidence, as DED just published an editorial lambasting Google for not giving enough thought to security.

  • Reply 13 of 107
    tallest skiltallest skil Posts: 43,399member
    rjc999 wrote: »
    What a coincidence, as DED just published an editorial lambasting Google for not giving enough thought to security.

    Did you miss the part where Apple wasn't actually hacked?
  • Reply 14 of 107
    drblankdrblank Posts: 3,383member

    Quote:

    Originally Posted by malax View Post



    Maybe they'll finally hire some excellent Web developers to manage their developer site and online tools. It's always been embarrassing bad compared to all other Apple products and resources. Throw $20 million/year at it and make it a world-class operation.


    Well, why don't you apply for the job?

  • Reply 15 of 107
    droidftwdroidftw Posts: 1,009member

    Quote:

    Originally Posted by charlituna View Post





    Yep. They didn't confirm being hacked but rather that someone tried. But they are informing folks just in case and acting under the assumption that if they isn't get in they might have gotten close enough to use what they have for a second attempt.



    Totally perfect response.


     


    Quote:

    Originally Posted by Tallest Skil View Post





    Did you miss the part where Apple wasn't actually hacked?


     


    Of course they were hacked.  Even DED recognizes that, just read the title of the article.  Apple wouldn't cut their developer services off for days to do a complete overhaul of developer systems, update server software, and rebuilding of their entire database just because someone unsuccessfully tried to access their system.

  • Reply 16 of 107
    mazda 3smazda 3s Posts: 1,569member

    Quote:

    Originally Posted by zoffdino View Post



    The breach is not too serious in my opinion. Namand email addreses of developers are not super sensitive information. But I expect Apple stock to tank on Monday. It goes down on good news, bad news, any news!


     


    Names, email addresses, and mailing addresses. How can you downplay this?


     


    Quote:

    Originally Posted by Tallest Skil View Post





    Did you miss the part where Apple wasn't actually hacked?


     


    From The Verge:


     


     


    Quote:


    During the downtime, Apple indicated that the site was undergoing maintenance, but did not address malicious activity — leading some developers to question if the site had been hacked. As Neowin reported on Saturday, some developers indicated on Twitter that they had received password reset emails from Apple, fueling speculation that the site had been compromised.



     


    http://www.theverge.com/2013/7/21/4543878/apple-completely-overhauling-developer-site-after-intrusion

  • Reply 17 of 107
    tallest skiltallest skil Posts: 43,399member
    droidftw wrote: »
    Of course they were hacked.

    1000
    Even DED recognizes that, just read the title of the article.

    Yes, because AppleInsider's article titles have always been 100% accurate, word for word representations of

    1. reality
    2. proper grammar

    I don't need a period there. I don't need a temherte slaqî. I don't need any punctuation.
    Apple wouldn't cut their developer services off for days to do a complete overhaul of developer systems, update server software, and rebuilding of their entire database just because someone unsuccessfully tried to access their system.

    1000

    :no:

    That's fine, anyway. It needed an overhaul; now they have an excuse to take it down all the way to do it!
  • Reply 18 of 107

    Quote:

    Originally Posted by dasanman69 View Post





    And Russia


    And the NSA.

  • Reply 19 of 107
    rjc999rjc999 Posts: 69member

    Quote:

    Originally Posted by Tallest Skil View Post





    Did you miss the part where Apple wasn't actually hacked?


    Did you miss the part where they were? If they weren't hacked, Apple would not have taken down the site. Apple said they cannot rule out that people's information had been taken, and lo and behold, lots of people are reporting password reset attempts which implies they at least got a hold of the username database. Point is, we get lots of apologetics here explaining away Apple fuckups, people look the other way, while other companies are raked over the coals. You can bet if a similar thing had happened to developers.google.com or developers.android.com, the same people looking to hand-wave away the issue or give the benefit of the doubt would be raising pitchforks.


     


    Frankly, the reason the site is still down is because they don't know the degree to which they were penetrated. Hackers could have left more backdoors and exploits around in their network. Obviously, they are conducting an investigation, and don't want to put the site back up while they do it.

  • Reply 20 of 107

    Quote:

    Originally Posted by rjc999 View Post


    What a coincidence, as DED just published an editorial lambasting Google for not giving enough thought to security.



     


    Oh look who's back - the troll that disappeared after I called him out in a previous thread.


     


    Is it any wonder you'd be in here gloating over this and trying somehow to relate it to the clusterf%$k that is Android?

Sign In or Register to comment.