Apple Developer Website Hacked: Developer Names, Addresses May Have Been Taken

News reporting would go something like this...

Of the Apple hacking, which didn't really affect much, and is actively being resolved:

Apple completely compromised!

Of the Android master key exploit which exposes 900 million phones to malware/viruses and more, and has no chance of ever being resolved:

<chirp><chirp><chirp>

I'm not normally one to step up and defend Apple, but in this case, sadly this is how things are now.

Facebook has been hacked, Twitter has been hacked, Sony has been hacked, Zendesk has been hacked, Microsoft has been hacked, Ubuntu has been hacked, numerous government websites have been hacked etc. etc.

It's simply next to impossible these days to guarantee security in the millions of lines of code that constitute modern Operating Systems and the dozens of processes that run on them. Someone will find a vulnerability sooner or later and exploit it. The only thing you can do is make it as hard as possible for them, and store your data in as safe a manner as possible with strong encryption (and hashing for passwords).

This was going to happen sooner or later, and while it looks bad for Apple, it's a fact of life that there are people out there for whom hacking is their job and how they earn their money. The only way to secure your data from hacking, is not to put it on the internet. End of story.

oh dam

this will hit news stations like a frenzy, android users are gonna gloat

Travel back in Time and stop this NOW!

Fixed point in time it cant be changed! ITS ALL JUST WIBBLY WOBBLY TIMEY WIMEY

Do developer names, mailing addresses and email addresses, not constitute sensitive?

Why didn't you do this as routine maintenance to prevent anything like this from happening to this severity? Sure you can't make it 100% immune from attacks, but you could make the data 98% safe.

It seems you don't have much experience building secure websites. What you do is building security in depth. You make sure nobody can get in, and you make sure there's nothing to see if somebody gets in. You always assume that someone _might_ figure out how to get around one defense, and have a second defense in place. That's what Apple did, and it worked. Most likely the attacker didn't get access to anything, and what there was to access was encrypted.

If you knew of ways to get past one of the defences, you would of course fix it. Somebody got in, which means they used a method that wasn't anticipated and couldn't have been fixed. Because of "security in depth", that breach didn't gain the attacker anything, but now Apple knows what they did and makes the necessary changes. It is quite possible that Apple's security developers have from time to time found possible attacks and quietly fixed them; you wouldn't notice it.

----------

Why didn't these hackers go after the NSA? They already have all Apple Dev Center data and lots more..

That's of course nonsense, and you know that. And if it was true, you wouldn't go after the NSA. You go after someone who can't lock you away for the rest of your sad life without a court case.

this shows that apple is no longer reliable and it may affect stocks greatly.
There goes the public trust...Apple....

Nonsense. There's security in depth in place. Someone got past one defense, was promptly detected, and other defenses stopped him. Exactly how it is supposed to work. Public trust is also based on how a company handles problems: Apple handled it by immediately shutting down the site, which is inconvenient, but the absolutely safe thing to do, and they promptly informed the affected people about what was going on. Others companies would have kept the site running, hoping that nothing else happens. That's the companies you can't trust.

News reporting would go something like this...

Of the Android master key exploit which exposes 900 million phones to malware/viruses and more, and has no chance of ever being resolved:

How DARE you bring REASON to this discussion. It's about jumping on the hating Apple bandwagon and bringing its stock to it's knees! /s

But yes, I'm sure we'll hear about it in the news and the android exploit goes unnoticed.

Hopefully this doesn't effect iOS 7 Beta 4 release. But I think it most likely will. :(

This whole Apple vs Android fanboys thing is a little tiring for us normal people. Half of the comments are about how Android fanboys will hurt your feelings after this and you are already coming up with how you should fire back. Grow up and get a life! Both sides! The only thing that makes you a representative of either company is a malfunctioning group of cells in your brains.

Back to the actual topic, that's a pretty major fail on Apple's side. And before you jump into any conclusions, I'm an iPhone user.

I'm not normally one to step up and defend Apple, but in this case, sadly this is how things are now.

Facebook has been hacked, Twitter has been hacked, Sony has been hacked, Zendesk has been hacked, Microsoft has been hacked, Ubuntu has been hacked, numerous government websites have been hacked etc. etc.

It's simply next to impossible these days to guarantee security in the millions of lines of code that constitute modern Operating Systems and the dozens of processes that run on them. Someone will find a vulnerability sooner or later and exploit it. The only thing you can do is make it as hard as possible for them, and store your data in as safe a manner as possible with strong encryption (and hashing for passwords).

This was going to happen sooner or later, and while it looks bad for Apple, it's a fact of life that there are people out there for whom hacking is their job and how they earn their money. The only way to secure your data from hacking, is not to put it on the internet. End of story.

Very well said. It's just like physical break-ins...it's going to happen. Maybe not to you, maybe not to your stuff, but it will continue and no one can stop it.