For those of you with developer accounts, the site was hacked…
I’ve had an Apple Developer account for about 3 years. Like all development account members, I use it to get access to Apple’s prerelease software to help with my development and testing efforts. I’m a hobby developer. I don’t develop things for sale.
The big problem with all of that is that I have a single email address or single Apple ID. Apple ties your Developer account to your Apple ID, and you log into the site with it. I knew the site was down and had been down for a few days, more than expected. Today, I was greeted with the following note from Apple
Apple Developer Website Update:
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.
The site got hacked, and they can’t guarantee that my Apple ID and password, as well as my other personal information, weren’t compromised. That’s just terrific.
Well, this certainly isn’t the end of this one. You can bet that there will be additional fallout on the Apple side of the world for this. While I think it’s a good idea to completely change the system, part of the changes would be to NOT tie everything to my Apple ID, but to another user ID and password.
There will be more from me on this as the story develops. Please watch the Soft32 blog for additional updates.