Apple says developer site was hacked on Thursday, affecting 275,000 logins

Rotten Apple

Apple says its Developer portal has been hacked and that some information about its 275,000 registered third-party developers who use it may have been stolen.

The portal at developer.apple.com had been offline since Thursday without explanation, raising speculation among developers first that it had suffered a disastrous database crash, and then that it had been hacked.

Apple said in an email to developers late on Sunday night that "an intruder attempted to secure personal information of our registered developers… [and] we have not been able to rule out the possibility that some developers' names, mailing addresses and/or email addresses may have been accessed."

It didn't give any indication of who carried out the attack, or what their purpose might have been. Apple said it is "completely overhauling our developer systems, updating our server software, and rebuilding our entire database [of developer information]."

Some people reported that they had received password resets against their Apple ID - used by developers to access the portal - suggesting that the hacker or hackers had managed to copy some key details and were trying to exploit them.

If they managed to successfully break into a developer's ID, they might be able to upload malicious apps to the App Store. Apple said however that the hack did not lead to access to developer code.

The breach is the first known against any of Apple's web services. It has hundreds of millions of users of its iTunes and App Store e-commerce systems. Those systems do not appear to have been affected: Apple says that they are completely separate and remained safe.

Apple's Developer portal lets developers download new versions of the Mac OS X and iOS 7 betas, set up new devices so they can run the beta software and access forums to discuss problems. A related service for developers using the same user emails and passwords, iTunes Connect, lets developers upload new versions of apps to the App Store. That was still functioning throughout the attack and afterwards.

But if the hack provided access to developer IDs which could then be exploited through phishing attacks, there would be a danger that apps could be compromised. Apps are uploaded to the App Store in a completed form - so hackers could not download "pieces" of an existing app - and undergo a review before being made publicly available.

High-profile companies are increasingly the target of increasingly skilful hackers. in April 2011, Sony abruptly shut down its PlayStation Network used by 77 million users and kept it offline for seven days so that it could carry out forensic security testing, after being hit by hackers - who have never been identified.

It has also become a risk of business for larger companies and small ones alike. On Saturday, the Ubuntu forums were hacked, and all of the passwords for the thousands of users stolen - although they were encrypted. On Sunday, the hacking collective Anonymous said that it hacked the Nauruan government's website.

On Sunday, the Apple Store, used to sell its physical products, was briefly unavailable - reinforcing suspicions that the company was carrying out a wide-ranging security check. The company has not commented on the reasons for the story going down.

Marco Arment, a high-profile app developer, noted on his blog before Apple confirmed the hack that " I don't know anything about [Apple's] infrastructure, but for a web service to be down this long with so little communication, most 'maintenance' or migration theories become very unlikely."

He suggested that the problem could either be "severe data loss" in which restoring from backups has failed - but added that the downtime "is pretty long even for backup-restoring troubles" - or else "a security breach, followed by cleanup and increases defenses".

Of the downtime, he said "the longer it goes, especially with no statements to the contrary, the more this [hacking hypothesis] becomes the most likely explanation."

Powered by Guardian.co.ukThis article was written by Charles Arthur, for guardian.co.uk on Monday 22nd July 2013 06.46 Europe/London

guardian.co.uk © Guardian News and Media Limited 2010