Since Thursday, registered Apple developers trying to download OS X 10.9, iOS 7, or any other Apple software from the company's developer portal have been greeted with a notice that the site was down for "maintenance." Today, the company issued a brief statement (above) blaming the extended outage on an "intruder," and that Apple "[has] not been able to rule out the possibility that some developers’ names, mailing addresses, and/or e-mail addresses may have been accessed."
The notice says that "sensitive" information could not be accessed by the intruder because it was encrypted, and the company told MacWorld that the system in question is not used to store "customer information," application code, or data stored by applications. Anecdotal reports (including one from our own Jacqui Cheng) point to a sudden spike in password reset requests for some Apple IDs, suggesting that e-mail addresses have in fact been accessed and distributed but that passwords were not. In any case, we generally recommend that users change their passwords when any breach (or suspected breach) like this occurs.
"In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database," the statement said. Apple has also given week-long extensions to any developers whose program subscriptions were scheduled to lapse during the outage, which will keep those developers' applications from being delisted in Apple's various App Stores.
Read on Ars Technica | Comments
     |