Apple takes down developer website after security breach by ‘researcher’

Updated on 22-Jul-2013

Apple says it is doing a complete system overhaul to plug all security vulnerabilities.

Apple has revealed that its DevCenter website has been offline since last Thursday because of a security breach that could have resulted in developer names, email addresses and mailing addresses being compromised. However, Ibrahim Balic from the UK, who claims to be a ‘security researcher’, has now come forward stating that Apple shut down the site after he reported to the company certain security vulnerabilities that existed on the Dev Center website.

Although Apple’s main developer website remains operational, attempting to visit the DevCenter website redirects visitors to a statement from Apple. The DevCenter website is used by Apple developers as a forum and is also a resource centre for downloading software such as the iOS and MacOS SDKs and iOS 7 Beta. Apple’s statement on the DevCenter website reads:

“Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.”

However, in spite of Apple’s claims, Balic maintains that his intentions were pure and that he had reported all of the security vulnerabilities to Apple, including a bug that could be exploited to gain users’ information. Balic surfaced in the comments section of a TechCrunch story about the DevCenter hack, where he also stated that he had tried to reach out to Apple but there had been no response. Balic confessed to feeling “irritated” as he had not engaged in hacking but instead had been trying to study the security failings of the Apple website.

There is no word yet from Apple on when the Dev Center website will be back online.

Sources: The Next Web, TechCrunch

Nikhil Pradhan
