Apple Confirms Security Breach on Its Developer Center

Apple’s Developer Center has been down for three days and Apple has had very little to say about it, causing developers a lot of concern as the company is transitioning both its mobile and desktop operating systems to the latest versions. Not any more. This morning Apple confirmed that there has been a security breach to the Dev Center.

Tumblr co-founder and indie developer Marco Arment had offered two possible scenarios that may have happened for Apple to have its Dev Center be down for such a long time. First was that there may have been a severe data loss and Apple has been working on restoring everything from backup. He suggested that this is unlikely the case. His second scenario is that there’s been a breach. “The longer it goes, especially with no statements to the contrary, the more this becomes the most likely explanation.”

Apple sent out emails to developers confirming that this second scenario is exactly what happened. The company says in the email that it is currently “overhauling our developer systems, updating our server software, and rebuilding out entire database”.

Previously Apple had informed developers that if their developer accounts had been scheduled to expire over the weekend, the company will have those extended until it is possible to renew them again as everything has been suspended for the time being.

As far as consumers are concerned, this has little to no bearing to their iTunes accounts, credit cards, and passwords as they are kept in a separate system from the developer accounts. Apple has made it known to several news sites and blogs that no customer information had been taken.

Apple admitted that developer names, emails and addresses may have been taken. Indeed, a number of developers over the past few days have mentioned publicly on Twitter and privately over email that there had been unauthorized attempts to reset their Apple Developer account passwords. However, “sensitive personal information was encrypted and cannot be accessed”, according to Apple’s email.

Apple has posted the full text of the email on its developer site but did not say when it expects the Dev Center to return. Developer previews of beta versions of iOS 7 and OS X Mavericks are likely to be delayed until this issue has been fully resolved.

We’ll be back soon.

Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers&rsquo names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’e completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.

If your program membership was set to expire during this period, it has been extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us.

Thank you for your patience.

 

[Header Image from Shutterstock]

Leave a Reply

Your email address will not be published.