The hacker who accessed encrypted data from Apple's developer center website says he found and reported 13 bugs to the company, but that he has no intention of accessing or using the encrypted user data he obtained in seeing "how deep" he could go.
In a comment made on TechCrunch, Ibrahim Balic identified himself as a "security researcher" who attempted to point out serious issues to Apple about its Dev Center website. His comments came in response to an admission by Apple on Sunday that its developer website was hacked.
Sensitive personal information included on the registered developers website was encrypted, and Apple does not believe the information can be accessed. But Balic suggested he has been able to obtain some user details as evidence to Apple of an apparent security flaw.
Balic said he found a total of 13 bugs on Apple's site, one of which provided him with access to user information. He claims to have taken 73 user details â all of whom are Apple employees â and given them to the company as an example.
But 4 hours after he gave that user data to Apple, the company shut down its Dev Center website. The outage began last Thursday and has remained ever since, while Apple has worked "around the clock" in an effort to patch the apparent security issues.
Balic's public comments are apparently in an effort to clear his name, as he said he's "not feeling very happy" about how the situation has been portrayed. He also said he's concerned about potential legal action against him.
"I did not done this research to harm or damage," he wrote in his comment. "I didn't attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the datas for the porpoise (sic) of seeing how deep I can go within this scope."
The supposed researcher claims that he has obtained more than 100,000 encrypted user details by exploiting bugs on Apple's Dev Center website. In an a video he posted to YouTube, Balic shows a handful of names and email addresses found in raw data allegedly taken from the Dev Center.
"I will be deleting all the datas I have, only got these datas to see just how deep I can go," the video reads. "Also have informed Apple before taking these datas."
125 Comments
If he's a security researcher and not a hacker, why is he revealing real developers names and other info in a YouTube video? Seems best suited for a white paper or essay no?
Sue him.
No ifs, ands, or buts.
How naive. Wow.
Omg! Exposing real info on utube. Developers will sue u
I was just jiggling the front door knob. When I found it open, I went inside the house to see if the owners had left anything valuable sitting around. Seeing that they did, I stuck some of it in my bag to prove to them how bad it could have been... but I was never going to to anything "wrong", I promise.