In an email to developers, Apple wrote:
“Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed; however, we have not been able to rule out the possibility that some developers’ names, mailing addresses and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
“In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software and rebuilding our entire database. We apologise for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.”
The developer portal – which developers use to manage their accounts and take care of matters related to the programming and distribution of apps – also hosts Apple’s developer forums, API documentation and more.
Apple remained largely silent about the downtime until Sunday, even as many developers took to Twitter to voice their frustration with the situation, growing increasingly nervous as the outage continued. Some developers feared that their apps would get pulled from the App Store, since they couldn’t log in to renew their developer accounts; Apple eventually clarified that developers facing that specific situation needn’t worry.
Apple did confirm to Macworld that the website that was breached was not associated with any customer information; all customer information is securely encrypted, a company spokesperson said. The attacker also did not have access to app code, or the servers where app information is stored, Apple told Macworld. The company declined to comment on whether legal authorities were involved in its investigation of the hack.
by Lex Friedman, Macworld