New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Apple Developer Site Down as Developers Report Possible Hack [Update: Apple Says No Breach]

Wednesday September 6, 2017 1:53 pm PDT by Juli Clover
Apple's Developer site has been down for a couple of hours now, and while it originally seemed like the outage was related to maintenance, a few reports trickling in from developers suggests there could potentially be another cause.

Several developers are reporting that all of their developer account addresses have been updated with an address in Russia, perhaps indicating some kind of breach or serious internal error. According to multiple developer reports, their accounts list a Russian address instead of their correct address.



It's not clear what's going on with the developer site at this time. We have reached out to Apple for more information and will update this post should any new information become available.

Back in 2013, Apple's Developer Center was breached by hackers and was taken offline for several days as Apple worked to fix the breach, rebuild the developer database, and implement better security practices. At that time, Apple said sensitive personal information was encrypted and inaccessible, but some developers' names, mailing addresses, and email addresses may have been leaked.

Update: The Apple Developer site is now back up. No reason has been provided for the outage or the appearance of Russian addresses on some accounts.

Update 2: In a statement provided to MacRumors and sent out to affected developers, Apple's Developer Program support staff says there was no security breach. Instead, there was a bug in the account management application that caused address information to be temporarily displayed incorrectly.
"Due to a bug in our account management application, your address information was temporarily displayed incorrectly in your account details on the Apple Developer website. The same incorrect address was displayed to all affected developers. The underlying code-level bug was quickly resolved and your address information now shows correctly. There was no security breach and at no time were the Apple Developer website, applications, or services compromised; nor were any of your Apple Developer membership details accessed by, shared with, or displayed to anyone."


[ 75 comments ]


Top Rated Comments

(View all)

Avatar
ck2875
24 months ago

This probably has little to do with login, hackers most likely found a backdoor.


If there was a backdoor, my money’s on it being disclosed by that HomePod firmware.
Rating: 12 Votes
Avatar
justperry
24 months ago

Bad timing. . .



It always is.
Rating: 7 Votes
Avatar
scfxmac
24 months ago
I can confirm this is true. The developer account for my company was in fact hacked, which included our banking information (banking info was replaced with a Russian bank). It's a big deal, and definitely not something for people to be joking about. The fact that a company as big as Apple is this vulnerable should worry everyone.
Rating: 7 Votes
Avatar
bteters
24 months ago
Bad timing. . .
Rating: 5 Votes
Avatar
mariusignorello
24 months ago
Oh not again. The last hack took the site down for a week.
Rating: 5 Votes
Avatar
jclo
24 months ago

But it was never confirmed in the previous hack. Within 4 years, wouldn't they have contacted affected parties if it did happen...?


From an email Apple sent to developers in 2013, which does indeed say there is a possibility names, mailing addresses, and email addresses were accessed:

"Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."
Rating: 4 Votes
Avatar
Blu Reel
24 months ago

As usual, Apple is going to remain silent on the hack and pretend it never happened.

Well, why let a hacker know that he succeeded with which method?
Rating: 4 Votes
Avatar
RF9
24 months ago
if I was the hacker, I wouldn't update the account I hacked with MY address. I can't believe a Russian hacker would even use a Russian address. I'm not saying it's not a hack, I'm just saying that I'm skeptical that it's Russians just because the address is in Russia.
Rating: 4 Votes
Avatar
ddkkpp
24 months ago

Irresponsible macrumors for making up a possible outcome that there is no evidence of having happened.


Look at the whole quote:

Back in 2013, Apple's Developer Center was breached by hackers ('https://www.macrumors.com/2013/07/19/apples-developer-center-experiences-daylong-outage/') and was taken offline for several days as Apple worked to fix the breach, rebuild the developer database, and implement better security practices. At that time, Apple said sensitive personal information was encrypted and inaccessible, but some developers' names, mailing addresses, and email addresses may have been leaked.

now read the first 3 words. that'll give you context for the last 3.
Rating: 4 Votes
Avatar
mariusignorello
24 months ago
Russian interference with the launch of the next iPhone confirmed.
Rating: 3 Votes

[ Read All Comments ]