The Apple Developer site has been down since Thursday and now Apple has released a statement saying that the site was compromised by an “intruder”. This comes less than a week after Truecaller admitted that hackers had breached its website and had gained unauthorized access to data.
The attack comes at a very crucial time for Apple as it is preparing major upgrades for both iOS 7 and its desktop operating system Mavericks before September. The site is still offline as the company investigates the matter and works to completely overhaul the system in a move to prevent future attacks.
The Apple Developer site mainly provides development tools, documentation and advanced developer preview versions of the company’s unreleased software. It is also used to manage access to deploy developers’ own apps for internal testing, to register devices for testing purposes (including installation of iOS 7 seeds), to manage developer certificates used to submit apps to Apple for sale through the App Store, for managing deployed titles and developer forums.
The content in this website is restricted to only registered developers who have agreed to a non-disclosure agreement (NDA) with Apple.
The statement released by Apple says:
Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. We have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
What comes as a shock is that though the attempted breach happened on Sunday, it took Apple over 72 hours to release a statement. Apart from putting a lot of developers through some tough times, that time could also have been used to change passwords if necessary.
Apple has also announced that it in order to prevent this from happening again it is “completely overhauling developer systems, updating our server software, and rebuilding our entire database.” It does not mention when the site will be back up again.
An Apple spokesman told CNET that the company’s developer website is “not associated with any customer information” and that “customer information is securely encrypted.”