Late Sunday afternoon, Cupertino finally emailed an explanation to devs as to why the Apple Developer Website was taken offline last Thursday — it had been hacked. The company added that critical developer data had not been compromised and that they were working day n’ night to fix the vulnerability and bring the site back online.
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed… [MORE] — From Apple’s email to developers
Now, however, we have learned there’s even more to the story. A London-based security researcher, Ibrahim Baliç, who goes to great pains to assert he’s not a hacker, all but says he was the intruder.
As you can see for yourself, developer names and emails were, indeed, accessed. Moreover, if you study the time stamps, it would appear Ibrahim Baliç collected the data hours before the Apple Developer Website was taken offline.
How much information? Over 100,000 developer and regular user accounts were accessed.
Further thereto, 9 to 5 Mac adds that, “In an email… Balic … is persistent in stating he did this for security research purposes and does not plan to use the information in any malicious manner.”
And, you know what else? Ibrahim is quite pleased with himself right now.
“[O]ff course this can not be expressed in words how much I love doing my job,” he wrote in the text introduction in the above video.
Well, Ibrahim, I sincerely hope you love keeping your word (i.e. he’s promised to delete his copy of the data) as much as you love your job…
What’s your take?