Apple confirmed that the company’s developer website was hacked on Thursday and taken down to investigate the matter. The website remained down on Monday for four days after a cyber-attack in which an intruder tried to gain to access to person information.
Apple is examining the issue and wants “completely overhaul” system in order to avoid future attacks. Primarily the website is dedicated to third party developers only where they submit and update their apps; renew their contract etc., and get development tools, documentation, advanced developer preview of software like iOS 7 and OS X Mavericks. The site is still down, and repair mechanism is already underway.
Apple has already sent out a message, informing the situation that reads, “We’ll be back soon.” The Cupertino-based company has also ensured developers that their valuable data and information was encrypted and hence it cannot be accessed (by intruders); however some useful information might be compromised; including names, mailing addresses and e-mail addresses of some developers.
Meantime Apple consumers can breathe a sigh of relief because the website has nothing to do with customers’ information, which is safe and “securely encrypted.” said Apple spokesman Tom Neumayr.
Apple has been working round the clock in order to ensure that the site is up and running again with a much better security system. “We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon,” says Apple’s message.
However things are turning upside down now as a Turkish security researcher Ibrahim Balic has taken the responsibility, claiming to have found a vulnerability in the system. He told Guardian that He had found and reported total 13 bugs to Apple, and also collected sensitive information, aiming how much he could go deeper inside the system.
According to some reports, hackers were actively taking advantage of the vulnerability and planned to reset the passwords using Apple ID – used to access developer’s portal. Hence the apology message and clarifications don’t explain, “Why did Apple wait for three days before notifying developers about the incident?”