Apple says its developer site was hacked, but that sensitive data was encrypted
Apple reported that its website for third-party developers was compromised by "an intruder" seeking access to personal information. The site remains offline as the company investigates the matter and works to "completely overhaul" the system in a bid to prevent future attacks.

Source: Apple
The site, which has remained offline since Thursday, provides development tools, documentation and advanced developer preview versions of the company's unreleased software, including iOS 7 and OS X Mavericks.
Most of the site's content is restricted to registered developers who work with Apple under a nondisclosure agreement (NDA). Some additional developer resources outside the restricted site remain available.
A statement released by Apple today stated that "Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers' names, mailing addresses, and/or email addresses may have been accessed.
"In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then."
The statement added, "In order to prevent a security threat like this from happening again, we're completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."
A report by Liz Gannes of the Wall Street Journal "All Things Digital" blog cited Apple spokesman Tom Neumayr as clarifying that "the website that was breached is not associated with any customer information. Additionally, customer information is securely encrypted."
The site's unavailability is an inconvenience for developers seeking to access the company's developer resources, which include documentation, advanced developer seeds, and a secure messaging system that allows developers from different companies to meet and discuss matters that would otherwise be restricted under their NDA.
The site is also used to manage access to deploy developers' own apps for internal testing, to register devices for testing purposes (including installation of iOS 7 seeds), to manage developer certificates used to submit apps to Apple for sale through the App Store, and for managing deployed titles.
It's also both an embarrassment and a disruption for Apple, which is racing to complete major upgrades for both its mobile and desktop operating systems this fall, in addition to releasing a new version of Xcode.

Comments
Quote:
Originally Posted by malax
Maybe they'll finally hire some excellent Web developers to manage their developer site and online tools. It's always been embarrassingly bad compared to all other Apple products and resources. Throw $20 million/year at it and make it a world-class operation.
Agree. Their web services have been embarrassingly bad, since the day of .mac, MobileMe and now iCloud. iCloud syncing works about 70% of the time for me, the rest, it just hangs when trying to upload a document. Siri, after 2 years, is still slow, when Google Now makes you think your device is doing magic. And let's not talk about the horrendous download speed from the App Store. Some larger games (like Infinity Blade 2 @ 1.1GB) take well over an hour to download on my 30Mbps connection.
Oh... and on the new Xcode... it's too flat, and may even be a bit... ugly???
What sort of mismanaged website needs twenty million a YEAR?! Or at all, for that matter.
They said they're redoing it from scratch already.
Any breach is serious.
The company really needs to hire a decent copy editor who vets stuff like this.
If we would cut all Internet lines to China, the digital world would be a much better place.
Quote:
Originally Posted by zoffdino
The breach is not too serious in my opinion. Names and email addresses of developers are not super sensitive information. But I expect Apple stock to tank on Monday. It goes down on good news, bad news, any news!
Apple is sure taking it seriously, and rightfully so.
And Russia
Their government would feel better about it, at least.
Yep. They didn't confirm being hacked but rather that someone tried. But they are informing folks just in case and acting under the assumption that if they didn't get in they might have gotten close enough to use what they have for a second attempt.
Totally perfect response.
What a coincidence, as DED just published an editorial lambasting Google for not giving enough thought to security.
Did you miss the part where Apple wasn't actually hacked?
Quote:
Originally Posted by malax
Maybe they'll finally hire some excellent Web developers to manage their developer site and online tools. It's always been embarrassingly bad compared to all other Apple products and resources. Throw $20 million/year at it and make it a world-class operation.
Well, why don't you apply for the job?
Quote:
Originally Posted by charlituna
Yep. They didn't confirm being hacked but rather that someone tried. But they are informing folks just in case and acting under the assumption that if they didn't get in they might have gotten close enough to use what they have for a second attempt.
Totally perfect response.
Quote:
Originally Posted by Tallest Skil
Did you miss the part where Apple wasn't actually hacked?
Of course they were hacked. Even DED recognizes that, just read the title of the article. Apple wouldn't cut their developer services off for days to do a complete overhaul of developer systems, update server software, and rebuilding of their entire database just because someone unsuccessfully tried to access their system.
Quote:
Originally Posted by zoffdino
The breach is not too serious in my opinion. Names and email addresses of developers are not super sensitive information. But I expect Apple stock to tank on Monday. It goes down on good news, bad news, any news!
Names, email addresses, and mailing addresses. How can you downplay this?
Quote:
Originally Posted by Tallest Skil
Did you miss the part where Apple wasn't actually hacked?
From The Verge:
Quote:
During the downtime, Apple indicated that the site was undergoing maintenance, but did not address malicious activity — leading some developers to question if the site had been hacked. As Neowin reported on Saturday, some developers indicated on Twitter that they had received password reset emails from Apple, fueling speculation that the site had been compromised.
http://www.theverge.com/2013/7/21/4543878/apple-completely-overhauling-developer-site-after-intrusion
Yes, because AppleInsider's article titles have always been 100% accurate, word for word representations of
1. reality
2. proper grammar
I don't need a period there. I don't need a temherte slaqî. I don't need any punctuation.
:no:
That's fine, anyway. It needed an overhaul; now they have an excuse to take it down all the way to do it!
Quote:
Originally Posted by dasanman69
And Russia
And the NSA.
Quote:
Originally Posted by Tallest Skil
Did you miss the part where Apple wasn't actually hacked?
Did you miss the part where they were? If they weren't hacked, Apple would not have taken down the site. Apple said they cannot rule out that people's information had been taken, and lo and behold, lots of people are reporting password reset attempts which implies they at least got a hold of the username database. Point is, we get lots of apologetics here explaining away Apple fuckups, people look the other way, while other companies are raked over the coals. You can bet if a similar thing had happened to developers.google.com or developers.android.com, the same people looking to hand-wave away the issue or give the benefit of the doubt would be raising pitchforks.
Frankly, the reason the site is still down is because they don't know the degree to which they were penetrated. Hackers could have left more backdoors and exploits around in their network. Obviously, they are conducting an investigation, and don't want to put the site back up while they do it.
Quote:
Originally Posted by rjc999
What a coincidence, as DED just published an editorial lambasting Google for not giving enough thought to security.
Oh look who's back - the troll that disappeared after I called him out in a previous thread.
Is it any wonder you'd be in here gloating over this and trying somehow to relate it to the clusterf%$k that is Android?