Apple on Sunday confirmed that its Developer Center was hacked last week, and that the company is in the process of overhauling its security systems before the portal goes back online for the first time since Thursday's outage began.
In an email sent out to developers, Apple says that an "intruder" tried to steal personal information from its developer site, but assures them that the information was encrypted. However, there is a possibility that developers' names, email addresses and home addresses have been accessed by the hacker.
Apple did confirm to Macworld that the website that was breached was not associated with any customer information; all customer information is securely encrypted, a company spokesperson said. The attacker also did not have access to app code, or the servers where app information is stored, Apple told Macworld. The company declined to comment on whether legal authorities were involved in its investigation of the hack.
UK-based researcher Ibrahim Balic claims that he could be the reason behind the Developer portal outage after he found 13 bugs in Apple's system, and showed the vulnerabilities to Apple. He says that he managed to access data from more than 100,000 users, but insists he didn't hack the system for malicious purposes.
According to Balic, Apple shut down its Developer Center four hours after he reported the bugs to Apple. In a comment on TechCrunch, Balic said that he is "a bit irritated" because Apple has labelled his actions as a security threat. It is not yet confirmed that Balic is the "intruder" Apple was referring to in its email.
Balic has also made a video to further demonstrate his intentions.
Below is the full email sent to developers by Apple:
"Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers' names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we're completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."
The developer portal, which developers use to manage their accounts and take care of matters related to the programming and distribution of apps, also hosts Apple's developer forums, API documentation, and more.
Apple remained largely silent about the downtime until Sunday, even as many developers took to Twitter to voice their frustration with the situation, growing increasingly nervous as the outage continued. Some developers feared that their apps would get pulled from the App Store, since they couldn't log in to renew their developer accounts; Apple eventually clarified that developers facing that specific situation needn't worry.
Additional reporting from Lex Friedman.