iTunes Connect bug logs developers into random Apple account, displays wrong apps
Many developers logging into Apple's iTunes Connect portal on Thursday found themselves presented with a a peculiar and potentially crucial error: The site is displaying the username, company, and apps of someone who is not them.
After logging into the iTunes Connect website, many developers found that the login credentials displayed were for someone else. When browsing to the "My Apps" section, developers were also shown applications that are not theirs.
AppleInsider was able to verify the error with a developer who logged in, only to see the information for a random person who works for the Sherwin-Williams Company.
The applications displayed when logged in were for an entirely different company, Kelly Services, Inc., suggesting that the username may not be associated with the apps displayed.
After logging out and attempting to log back in, the developer was presented with a message saying that iTunes Connect is not available.
The bug first appearing Thursday morning appears to be widespread, as a number of developers took to Twitter to show how the glitch was affecting them. For example, Paul Haddad of Tapbot, maker of Tweetbot, logged in to see a series of H&R Block tax applications, and received numerous responses from other developers experiencing similar issues.
The error allowed developers to see private email addresses and other details of people they were logged in as, presenting the issue as a major security concern. It's unclear whether the login error allowed developers to actually make changes to others' accounts.
iTunes Connect is the gateway developers use to make their applications available for sale on the iOS and Mac App Stores.