Turkish researcher claims responsibility for Apple dev site hack

Turkish researcher Ibrahim Balic says he found multiple vulnerabilities at Apple's developer website, but did not intend to bring the site down.

A Turkish security researcher, Ibrahim Balic, issued a sceencast video on YouTube earlier today -- which was initially public, but was yanked from public viewing this afternoon -- that appeared to show he successfully hacked into Apple's developer program website. The Apple site had gone offline this past Thursday, at first without explanation, and then later with the notice that "an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed; however, we have not been able to rule out the possibility that some developers' names, mailing addresses and/or email addresses may have been accessed."

YouTube image of Apple data

Screen shot from YouTube video claiming credit for Apple developer site hack. The user's name is shown in the clear in the original.

Balic told Britain's The Guardian that his: "Intention was not attacking. In total I found 13 bugs and reported [them] directly one by one to Apple straight away. Just after my reporting [the] dev center got closed. I have not heard anything from them, and they announced that they got attacked."

One cause of initial comments on YouTube following the appearance of the video was the inclusion in the video of actual usernames and email addresses. One commenter, for example, felt that "a real Web security expert would never expose personal info on YouTube!"

In a weekend letter to account holders at the site, Apple said it is "completely overhauling our developer systems, updating our server software, and rebuilding our entire database."

Dig deeper on Identity Theft and Data Security Breaches

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close