Apple Developer Center Was Hacked; Site Remains Down While Company Overhauls Security

Apple’s developer site was accessed by “an intruder” last Thursday, the company has disclosed, and Apple has not ruled out the possibility that developers’ names, mailing addresses and/or email addresses were compromised.

The company just sent developers an email explanation, after pushing them off for the past three days with notices that the developer site was down for maintenance.

It appears that the potentially vulnerable names and addresses had not been encrypted. By contrast, Apple said developers’ “sensitive personal information” was encrypted, so it has not been accessed.

Before it reopens the developer site, Apple is “completely overhauling our developer systems, updating our server software, and rebuilding our entire database,” the email said.

Apple spokesman Tom Neumayr said he would not go into further detail about the weakness of the old system or the improvement of the new system, but he noted that no customer information was impacted.

“The website that was breached is not associated with any customer information,” Neumayr said. “Additionally, customer information is securely encrypted.”

The Apple developer site — which allots access to iOS 7, OS X Mavericks and other development kits, helps developers allocate apps to beta testers, and also includes popular developer-only forums — went down Thursday, and was first marked with a notice saying it was down for maintenance.

Later, it was updated with a notice saying, “We apologize that maintenance is taking longer than expected.” Developers were told that their memberships that would have expired during the downtime had been automatically extended.

Extended downtime is rare, and developers had wondered what was up, with some, including Marco Arment, theorizing that there had been some sort of security breach.

Here’s the full notice: