Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
As long as they didn't get my password and credit card info, I'm not too worried.

Security breaches are of course, still a bad thing.
 
WOW!

You couldn't possibly be more wrong. This is a VERY BIG DEAL. They also have bankcard information, passwords, and other things.

You don't seem bothered, but many of us are deeply concerned.

I can only hope these hackers were unsuccessful in their efforts.

There will be more to follow.

Stay tuned.

No they can't. The email states all that is encrypted and inaccessible.
 
I just got an email from Apple about my developer account information has been illegally accessed Quote "Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."
 
WOW!

You couldn't possibly be more wrong. This is a VERY BIG DEAL. They also have bankcard information, passwords, and other things.

You don't seem bothered, but many of us are deeply concerned.

I can only hope these hackers were unsuccessful in their efforts.

There will be more to follow.

Stay tuned.

Did you not read the email? They didn't get bank card info, passwords etc.

----------

Updating their Server software.

Why does that sound funny.

:eek:

Guess Tiger was getting a bit old
 
I just got an email from Apple about my developer account information has been illegally accessed Quote "Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."

Where in that email does it say your information was illegally accessed. All developers are getting the same email and it says they can't rule out the possibility that some developers information may have been accessed.
 
I got the email too (at 11.38pm UK time, which correlates with the PDT times given).

I'm not too worried - it's not like my name, phone, email and street address aren't public knowledge and accessible through Whois servers anyway for the domain names I own. So I might get a bit more junk mail... I'll cope!
 
No they can't. The email states all that is encrypted and inaccessible.

Never underestimate what a committed group of hackers can do. You think your information is failsafe secure? Maybe it is, maybe it isn't. It doesn't hurt to be cautious and it doesn't cost anything.

Did you not read the email? They didn't get bank card info, passwords etc.

Yeah, I read it.. I was the first one to post it on this thread. :rolleyes:
 
I was not taking any chances myself with the card details, Remember Sony Playstation network when they said no personal information was stolen and it took them weeks to admit they had all been stolen!

I have just cut on my card from the bank. Prevention is better than a cure!

Jamie
 
Does the message we've just received from Apple mean we can look forward to uptime very soon? I'm hoping that they've chosen to send it now, as opposed to say on Thursday or Friday, because they've almost finished updating server software and rebuilding db etc. Hoping to see new dev center Monday morning with beta 4 all ready for download. Here's to hoping anyways...
 
I'd like to point out that just because something is encrypted doesn't necessarily mean it can't be broken, given enough time and CPU/GPU cycles. I'm in the process of changing over my Apple developer bank account anyway.
 
I'd like to point out that just because something is encrypted doesn't necessarily mean it can't be broken, given enough time and CPU/GPU cycles. I'm in the process of changing over my Apple developer bank account anyway.

"In the spirit of transparency, we want to inform you...", never thought I would hear those words from Apple! :D
 
From Macworld:

Apple did confirm to Macworld that the website that was breached was not associated with any customer information; all customer information is securely encrypted, a company spokesperson said. The attacker also did not have access to app code, or the servers where app information is stored, Apple told Macworld. The company declined to comment on whether legal authorities were involved in its investigation of the hack.
 
From Macworld:

Apple did confirm to Macworld that the website that was breached was not associated with any customer information; all customer information is securely encrypted, a company spokesperson said. The attacker also did not have access to app code, or the servers where app information is stored, Apple told Macworld. The company declined to comment on whether legal authorities were involved in its investigation of the hack.

Which begs the question: Why was all the developer information not "securely encrypted" (which, as I pointed out earlier, doesn't necessarily mean it's safe)? That statement perhaps tells us what bad things did not happen, it doesn't tell us what bad things did happen.
 
From Macworld:

Apple did confirm to Macworld that the website that was breached was not associated with any customer information; all customer information is securely encrypted, a company spokesperson said. The attacker also did not have access to app code, or the servers where app information is stored, Apple told Macworld. The company declined to comment on whether legal authorities were involved in its investigation of the hack.

Do devs come under the 'customer' heading? Seems not given the contents of the email Apple sent telling us that some dev info may have been accessed. Not clear without further clarification. Time to make some changes on my dev account, as others have suggested.
 
Where in that email does it say your information was illegally accessed. All developers are getting the same email and it says they can't rule out the possibility that some developers information may have been accessed.

"an intruder attempted to secure personal information of our registered developers from our developer website" right there in lawyer speak
 
I'd like to point out that just because something is encrypted doesn't necessarily mean it can't be broken, given enough time and CPU/GPU cycles. I'm in the process of changing over my Apple developer bank account anyway.

This.

No they can't. The email states all that is encrypted and inaccessible.

In theory, anything that is encrypted can be decrypted, if enough time and effort is made to figure out what the original encryption key is. I'm not saying it's easy, but it can be done. Effort of this magnitude probably wouldn't be wasted on Apple Developer accounts though, unless there was a *very* good reason.
 
Never underestimate what a committed group of hackers can do. You think your information is failsafe secure? Maybe it is, maybe it isn't. It doesn't hurt to be cautious and it doesn't cost anything.

Good point. Keep in mind, it took Apple roughly four days to address this matter in any way. Certainly the public relations department was ironing out how to handle the matter over a weekend, however Apple certainly had to have known by Friday that the system was comprised as they shut it down. Why weren't we contacted sooner rather than leaving many in the dark?
 
The fact that there still has been no official statement from Apple on the outage just goes to show how toothless the "tech journalism" industry has become.

These so-called journalists (Gruber, Dalrymple, Laporte, etc.) trip over one another as they rush to tell us all about the latest iToys.

Yet when real news happens at 1 Infinite Loop, we hear little more from them than, "The Developer Center is down. Yep."

Pathetic.


I think you are way off-base here. The reasons the journos you mentioned write about products more than an incident such as this one are:

1. Only a small minority of Apple Users care that the Dev Center is down.
2. Apple feeds info to a select few bloggers/journalists whether true or false to control the rumor mill to an extent. If Apple isn't telling Gruber anything about the outage, why would you expect him to find out more?

These people aren't and never claimed to be investigative journalists. They are the media, yes, but they will write about what people want to read about. Period. I think calling the guys you mentioned Gruber, Dalrymple, Laporte, etc.) "toothless" is a completely illogical argument.

As a side note, if you are a developer (which I assume you are), it's in your best interest for people to get really excited for all those "iToys" you mention.:D
 
I'm not even a developer. I got 2 emails in the past hour giving me instructions and link on how to reset my password. Needless to say, I ignored it.
 
don't know. Why did you comment on that thread then?

I commented because I was getting the exact same emails about resetting my password that developers were getting. This problem is much bigger if non developers are now getting this email. It tells be the breach is much larger than what is being reported.
 
I'm not even a developer. I got 2 emails in the past hour giving me instructions and link on how to reset my password. Needless to say, I ignored it.
So reset password for what exactly if you are not a developer (and have no developer account)? Seems like some random and common/usual phishing attempt at best. Like tons of people who get emails to reset their Bank of America passwords yet they not only don't have an account there but perhaps never even heard of Bank of America at all.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.