Apple blames days-long Developer Center outage on “intruder”


Since Thursday, registered Apple developers trying to download OS X 10.9, iOS 7, or any other Apple software from the company's developer portal have been greeted with a notice that the site was down for "maintenance." Today, the company issued a brief statement blaming the extended outage on an "intruder" and saying that Apple "[has] not been able to rule out the possibility that some developers’ names, mailing addresses, and/or e-mail addresses may have been accessed."

The notice says that "sensitive" information could not be accessed by the intruder because it was encrypted, and the company told Macworld that the system in question is not used to store "customer information," application code, or data stored by applications. Anecdotal reports (including one from our own Jacqui Cheng) point to a sudden spike in password reset requests for some Apple IDs, suggesting that e-mail addresses have in fact been accessed and distributed but that passwords were not. In any case, we generally recommend that users change their passwords when any breach (or suspected breach) like this occurs.

"In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database," the statement said. Apple has also given week-long extensions to any developers whose program subscriptions were scheduled to lapse during the outage, which will keep those developers' applications from being delisted in Apple's various App Stores.



Hack exposes e-mail addresses, password data for 2 million Ubuntu Forum users

The defacement left on the Ubuntu Forums website.

E-mail addresses, user names, and password data for every registered user of the Ubuntu Forums—estimated to be 1.82 million accounts—were exposed in a security breach hitting the company responsible for maintaining the freely available, open-source operating system. There's no sign the compromised data has been published online.

The Ubuntu Forums were closed Saturday evening following the discovery that the site's homepage was defaced by someone who managed to gain privileged access to its underlying servers. To their credit, administrators with Canonical, the for-profit company that markets Ubuntu, quickly issued an advisory that warned users who used their forum password to safeguard other accounts to change the credentials immediately. The forums remained inaccessible at time of writing on Sunday afternoon.

"While the passwords were not stored in plain text, good practice dictates that users should assume the passwords have been accessed and change them," Ubuntu CEO Jane Silber wrote in an updated advisory. "If users used the same password on other services, they should immediately change that password."
