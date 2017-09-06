New in OS X: Get MacRumors Push Notifications on your Mac

Apple Developer Site Down as Developers Report Possible Hack [Update: Apple Says No Breach]

Wednesday September 6, 2017 1:53 pm PDT by Juli Clover
Apple's Developer site has been down for a couple of hours now, and while it originally seemed like the outage was related to maintenance, a few reports trickling in from developers suggests there could potentially be another cause.

Several developers are reporting that all of their developer account addresses have been updated with an address in Russia, perhaps indicating some kind of breach or serious internal error. According to multiple developer reports, their accounts list a Russian address instead of their correct address.



It's not clear what's going on with the developer site at this time. We have reached out to Apple for more information and will update this post should any new information become available.

Back in 2013, Apple's Developer Center was breached by hackers and was taken offline for several days as Apple worked to fix the breach, rebuild the developer database, and implement better security practices. At that time, Apple said sensitive personal information was encrypted and inaccessible, but some developers' names, mailing addresses, and email addresses may have been leaked.

Update: The Apple Developer site is now back up. No reason has been provided for the outage or the appearance of Russian addresses on some accounts.

Update 2: In a statement provided to MacRumors and sent out to affected developers, Apple's Developer Program support staff says there was no security breach. Instead, there was a bug in the account management application that caused address information to be temporarily displayed incorrectly.
"Due to a bug in our account management application, your address information was temporarily displayed incorrectly in your account details on the Apple Developer website. The same incorrect address was displayed to all affected developers. The underlying code-level bug was quickly resolved and your address information now shows correctly. There was no security breach and at no time were the Apple Developer website, applications, or services compromised; nor were any of your Apple Developer membership details accessed by, shared with, or displayed to anyone."
ck2875
ck2875
2 days ago at 02:14 pm

This probably has little to do with login, hackers most likely found a backdoor.


If there was a backdoor, my money’s on it being disclosed by that HomePod firmware.
Rating: 12 Votes
justperry
justperry
2 days ago at 01:57 pm

Bad timing. . .



It always is.
Rating: 7 Votes
scfxmac
scfxmac
2 days ago at 02:36 pm
I can confirm this is true. The developer account for my company was in fact hacked, which included our banking information (banking info was replaced with a Russian bank). It's a big deal, and definitely not something for people to be joking about. The fact that a company as big as Apple is this vulnerable should worry everyone.
Rating: 7 Votes
bteters
bteters
2 days ago at 01:54 pm
Bad timing. . .
Bad timing. . .
Avatar
mariusignorello
2 days ago at 01:54 pm
Oh not again. The last hack took the site down for a week.
Rating: 5 Votes
jclo
jclo
2 days ago at 03:02 pm

But it was never confirmed in the previous hack. Within 4 years, wouldn't they have contacted affected parties if it did happen...?


From an email Apple sent to developers in 2013, which does indeed say there is a possibility names, mailing addresses, and email addresses were accessed:

"Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."
Rating: 4 Votes
Blu Reel
Blu Reel
2 days ago at 04:05 pm

As usual, Apple is going to remain silent on the hack and pretend it never happened.

Well, why let a hacker know that he succeeded with which method?
Rating: 4 Votes
RF9
RF9
2 days ago at 02:53 pm
if I was the hacker, I wouldn't update the account I hacked with MY address. I can't believe a Russian hacker would even use a Russian address. I'm not saying it's not a hack, I'm just saying that I'm skeptical that it's Russians just because the address is in Russia.
Rating: 4 Votes
ddkkpp
ddkkpp
2 days ago at 02:35 pm

Irresponsible macrumors for making up a possible outcome that there is no evidence of having happened.


Look at the whole quote:

Back in 2013, Apple's Developer Center was breached by hackers ('//www.macrumors.com/2013/07/19/apples-developer-center-experiences-daylong-outage/') and was taken offline for several days as Apple worked to fix the breach, rebuild the developer database, and implement better security practices. At that time, Apple said sensitive personal information was encrypted and inaccessible, but some developers' names, mailing addresses, and email addresses may have been leaked.

now read the first 3 words. that'll give you context for the last 3.
Rating: 4 Votes
Avatar
mariusignorello
2 days ago at 02:17 pm
Russian interference with the launch of the next iPhone confirmed.
Rating: 3 Votes

