Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple's Developer Center Experiences Daylong Outage
- Thread starter MacRumors
- Start date
- Sort by reaction score
As long as they didn't get my password and credit card info, I'm not too worried.
Security breaches are of course, still a bad thing.
Security breaches are of course, still a bad thing.
I just got an email from Apple about my developer account information has been illegally accessed Quote "Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, were completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."
In order to prevent a security threat like this from happening again, were completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."
Did you not read the email? They didn't get bank card info, passwords etc.
----------
Updating their Server software.
Why does that sound funny.
Guess Tiger was getting a bit old
Where in that email does it say your information was illegally accessed. All developers are getting the same email and it says they can't rule out the possibility that some developers information may have been accessed.
I got the email too (at 11.38pm UK time, which correlates with the PDT times given).
I'm not too worried - it's not like my name, phone, email and street address aren't public knowledge and accessible through Whois servers anyway for the domain names I own. So I might get a bit more junk mail... I'll cope!
I'm not too worried - it's not like my name, phone, email and street address aren't public knowledge and accessible through Whois servers anyway for the domain names I own. So I might get a bit more junk mail... I'll cope!
Never underestimate what a committed group of hackers can do. You think your information is failsafe secure? Maybe it is, maybe it isn't. It doesn't hurt to be cautious and it doesn't cost anything.
Yeah, I read it.. I was the first one to post it on this thread.
I was not taking any chances myself with the card details, Remember Sony Playstation network when they said no personal information was stolen and it took them weeks to admit they had all been stolen!
I have just cut on my card from the bank. Prevention is better than a cure!
Jamie
I have just cut on my card from the bank. Prevention is better than a cure!
Jamie
Does the message we've just received from Apple mean we can look forward to uptime very soon? I'm hoping that they've chosen to send it now, as opposed to say on Thursday or Friday, because they've almost finished updating server software and rebuilding db etc. Hoping to see new dev center Monday morning with beta 4 all ready for download. Here's to hoping anyways...
I'd like to point out that just because something is encrypted doesn't necessarily mean it can't be broken, given enough time and CPU/GPU cycles. I'm in the process of changing over my Apple developer bank account anyway.
"In the spirit of transparency, we want to inform you...", never thought I would hear those words from Apple!
From Macworld:
Apple did confirm to Macworld that the website that was breached was not associated with any customer information; all customer information is securely encrypted, a company spokesperson said. The attacker also did not have access to app code, or the servers where app information is stored, Apple told Macworld. The company declined to comment on whether legal authorities were involved in its investigation of the hack.
Apple did confirm to Macworld that the website that was breached was not associated with any customer information; all customer information is securely encrypted, a company spokesperson said. The attacker also did not have access to app code, or the servers where app information is stored, Apple told Macworld. The company declined to comment on whether legal authorities were involved in its investigation of the hack.
Which begs the question: Why was all the developer information not "securely encrypted" (which, as I pointed out earlier, doesn't necessarily mean it's safe)? That statement perhaps tells us what bad things did not happen, it doesn't tell us what bad things did happen.
Do devs come under the 'customer' heading? Seems not given the contents of the email Apple sent telling us that some dev info may have been accessed. Not clear without further clarification. Time to make some changes on my dev account, as others have suggested.
"an intruder attempted to secure personal information of our registered developers from our developer website" right there in lawyer speak
This.
In theory, anything that is encrypted can be decrypted, if enough time and effort is made to figure out what the original encryption key is. I'm not saying it's easy, but it can be done. Effort of this magnitude probably wouldn't be wasted on Apple Developer accounts though, unless there was a *very* good reason.
Good point. Keep in mind, it took Apple roughly four days to address this matter in any way. Certainly the public relations department was ironing out how to handle the matter over a weekend, however Apple certainly had to have known by Friday that the system was comprised as they shut it down. Why weren't we contacted sooner rather than leaving many in the dark?
I think you are way off-base here. The reasons the journos you mentioned write about products more than an incident such as this one are:
1. Only a small minority of Apple Users care that the Dev Center is down.
2. Apple feeds info to a select few bloggers/journalists whether true or false to control the rumor mill to an extent. If Apple isn't telling Gruber anything about the outage, why would you expect him to find out more?
These people aren't and never claimed to be investigative journalists. They are the media, yes, but they will write about what people want to read about. Period. I think calling the guys you mentioned Gruber, Dalrymple, Laporte, etc.) "toothless" is a completely illogical argument.
As a side note, if you are a developer (which I assume you are), it's in your best interest for people to get really excited for all those "iToys" you mention.
Then why would I get those emails? I am not a developer. Never have been. Never requested to be one.
I commented because I was getting the exact same emails about resetting my password that developers were getting. This problem is much bigger if non developers are now getting this email. It tells be the breach is much larger than what is being reported.
So reset password for what exactly if you are not a developer (and have no developer account)? Seems like some random and common/usual phishing attempt at best. Like tons of people who get emails to reset their Bank of America passwords yet they not only don't have an account there but perhaps never even heard of Bank of America at all.