Apple says its developer site was hacked, but that sensitive data was encryptedApple reported that its website for third party developers was compromised by "an intruder" seeking access to personal information. The site remains offline as the company investigates the matter and works to "completely overhaul" the system in a bid to prevent future attacks.
The site, which has remained offline since Thursday, provides development tools, documentation and advanced developer preview versions of the company's unreleased software, including iOS 7 and OS X Mavericks.
Most of the site's content is restricted to registered developers who work with Apple under a nondisclosure agreement (NDA). Some additional developer resources outside the restricted site remain available.
A statement released by Apple today stated that "Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers names, mailing addresses, and/or email addresses may have been accessed.
"We have not been able to rule out the possibility that some developers names, mailing addresses, and/or email addresses may have been accessed."
"In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then."
The statement added, "In order to prevent a security threat like this from happening again, were completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."
A report by Liz Gannes of the Wall Street Journal "All Things Digital" blog cited Apple spokesman Tom Neumayr as clarifying that the website that was breached is not associated with any customer information. Additionally, customer information is securely encrypted.
The site's unavailability is an inconvenience for developers seeking to access the company's developer resources, which include documentation, advanced developer seeds, and a secure messaging system that allows developers from different companies to meet and discuss matters that would otherwise be restricted under their NDA.
The site is also used to manage access to deploy developers' own apps for internal testing, to register devices for testing purposes (including installation of iOS 7 seeds), to manage developer certificates used to submit apps to Apple for sale through the App Store, and for managing deployed titles.
It's also both an embarrassment and a disruption for Apple, which is racing to complete major upgrades for both its mobile and desktop operating systems this fall, in addition to releasing a new version of Xcode.
On Topic: Mac OS X
- Apple apologizes to developers for Mac App Store certificate flap, explains fix
- Apple issues fourth beta of OS X 10.11.2 to developers for testing
- Certificate problems causing app authentication errors for some Mac App Store users
- Apple issues third OS X 10.11.2 beta to public testers
- Google to discontinue Chrome support for OS X Snow Leopard, Lion & Mountain Lion in April 2016