Researcher claims he alerted Apple of developer center vulnerability

As you’ve probably heard by now, Apple’s developer center was hacked. The portal has been down for over 4 days now, as the company says it is completely overhauling its systems, updating its server software, and rebuilding its entire database.

A statement from Apple claims ‘an intruder’ attempted to secure personal information about developers from the site, but it provided no further details about the incident. Now, a security researcher is claiming responsibility for the attack…

In a comment left on a TechCrunch article about the dev center attack, UK-based researcher Ibrahim Balic says it may have been him that caused the outage. Apparently he’s been sending Apple info on security bugs he’s discovered in their systems.

“In total I have found 13 bugs and have reported through http://bugreport.apple.com. The bugs are all reported one by one and Apple was informed. I gave details to Apple as much as I can and I’ve also added screenshots.

One of those bugs has provided me access to users' details etc. I immediately reported this to Apple. I have taken 73 users' details (all Apple Inc workers only) and prove them as an example.

4 hours later from my final report Apple developer portal was closed down and you know it still is.”

Additionally, he’s posted this video with more details on his work:

http://www.youtube.com/watch?v=q000_EOWy80

Despite the appearance of a malicious attack, Balic remains adamant that he did all of this for security research purposes. He says he has alerted Apple to all of the bugs he’s found and the data he’s accessed, and that he plans to delete the information.

Apple’s developer center first went offline sometime around noon on Thursday, July 18. And at the time of this writing, it is still down. In a statement earlier today, the company said that no sensitive user or app data was accessed during the breach.