Apple has confirmed that hackers successfully breached its developer portal site, potentially compromising users' names, email addresses and mailing addresses.
A company spokesman confirmed the news in a public statement on the site, promising that all information stored on the portal is encrypted, meaning even if lost hackers should still struggle to use it. "Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website," read the statement.
"Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers' names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then."
The motivation behind the attack remains unknown, however private security expert Ibrahim Balic has since issued a public statement via YouTube claiming credit for the "breach". Balic claims the breach was not a hack but a legitimate penetration test and that he had alerted Apple about his security research. Apple declined V3's request for comment on Balic's claims.
Regardless of the source of the breach, Apple confirmed that its engineers are redesigning the portal's security protocols to ensure another breach does not occur. "In order to prevent a security threat like this from happening again, we're completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologise for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon," read the statement.
The Apple Developer is one of many community sites to be hit in recent weeks. The Ubuntu and NASDAQ community forums have recently suffered similar breaches. The spike is due to the increased value of user information on professional sites. With it hackers can either sell the stolen account information on a cyber black market, or use it themselves to mount sophisticated, socially engineered cyber attacks such as phishing scams.
No comments:
Post a Comment