Apple says its developer site was hacked, but that sensitive data was encrypted
Apple reported that its website for third party developers was compromised by "an intruder" seeking access to personal information. The site remains offline as the company investigates the matter and works to "completely overhaul" the system in a bid to prevent future attacks.
The site, which has remained offline since Thursday, provides development tools, documentation and advanced developer preview versions of the company's unreleased software, including iOS 7 and OS X Mavericks.
Most of the site's content is restricted to registered developers who work with Apple under a nondisclosure agreement (NDA). Some additional developer resources outside the restricted site remain available.
A statement released by Apple today stated that "Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developersâ names, mailing addresses, and/or email addresses may have been accessed.
"We have not been able to rule out the possibility that some developersâ names, mailing addresses, and/or email addresses may have been accessed."
"In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then."
The statement added, "In order to prevent a security threat like this from happening again, weâre completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."
A report by Liz Gannes of the Wall Street Journal "All Things Digital" blog cited Apple spokesman Tom Neumayr as clarifying that âthe website that was breached is not associated with any customer information. Additionally, customer information is securely encrypted.â
The site's unavailability is an inconvenience for developers seeking to access the company's developer resources, which include documentation, advanced developer seeds, and a secure messaging system that allows developers from different companies to meet and discuss matters that would otherwise be restricted under their NDA.
The site is also used to manage access to deploy developers' own apps for internal testing, to register devices for testing purposes (including installation of iOS 7 seeds), to manage developer certificates used to submit apps to Apple for sale through the App Store, and for managing deployed titles.
It's also both an embarrassment and a disruption for Apple, which is racing to complete major upgrades for both its mobile and desktop operating systems this fall, in addition to releasing a new version of Xcode.