Apple confirms hack of its developer website
Explains mysterious days-long outage, says names and email addresses may have been stolen
Computerworld - Apple on Sunday admitted that its developer website, which has been offline since Thursday, had been hacked. Some information may have been stolen, the company acknowledged.
In an email to developers, Apple said that intruders had broken into the site -- which is restricted to registered iOS and OS X developers -- last Thursday. Apple posted a similar message on the website.
All but the home page of the site has been offline since Thursday, and remained inaccessible Monday morning.
"An intruder attempted to secure personal information of our registered developers from our developer website," the email and on-site message read. "Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers' names, mailing addresses, and/or email addresses may have been accessed."
The Cupertino, Calif. company told developers that it was "completely overhauling" the site in response, and that it was updating the server software and rebuilding the developer database "to prevent a security threat like this from happening again."
Apple's portal lets developers access pre-release software, tools and documentation, and includes developer-only forums where they can exchange information and tips.
Speculation began Friday that the site had been hacked when the outage persisted and the company said nothing other than posting maintenance messages on the site. The fact that both iOS 7 and OS X Mavericks will ship within months, and thus that developers are in the midst of writing or rewriting apps to take advantage of new features, lent credence to the hacking theory, some said, because it would be the worst time for lengthy site maintenance.
"This is even feeling too long to be restoring from backups. The longer it goes, the more I believe the security-issue theory," Marco Arment, the creator of Instapaper, said on Twitter early Saturday.
Others have wondered whether digital certificates -- Apple issues them to developers to sign their apps -- may have been compromised, which would open the door to hackers passing off malware of their own as Apple or third-party software.
With the attack, Apple joins the long list of technology companies whose networks have been breached and customer information stolen by attackers, including Sony in 2011, Dropbox last year and Twitter in 2013.
Apple itself was victimized by hackers earlier this year. In February, the company confirmed that malware exploiting a Java vulnerability was used to compromise Macs inside the firm, presumably those of its own engineers, as the attack originated from a hijacked website that catered to iOS developers.
On Sunday, Apple did not name a date when it expected to reopen the site.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.