The notoriously tight-lipped Apple saw its fair share of controversy this weekend, when the company's developer center was hacked, causing the website to go down for four days.
The developer site, which contains information for programmers building iOS apps, went down last Thursday and stayed dark throughout the weekend. After three days of silence—and mounting tension from the programmers kept in the dark—Apple admitted there had been a security breach.
"An intruder" gained access to the personal information of some 275,000 third-party developers, the company said in a statement. "We have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed."
The site is back up again today.
Late last night the story behind the mysterious hack continued to unfold. Ibrahim Balic, a Turkish researcher based in London, came forward to take responsibility for the break-in, but claimed it wasn't a malicious hack.
Balic said he is a white hat security researcher and was just doing his job when he identified a vulnerability in the system. He hacked into the personal details of 73 users (all Apple employees) to use as an example to prove the bug, and informed Apple right away, he wrote in a comment on TechCrunch. Four hours later the site was shut down.
Users started to notice the site was down on Thursday, and grew more nervous when a string of programmers began Tweeting that they had received messages about unsolicited password reset requests.
If a hacker got his or her hands on developer IDs, they could infect Apple apps with malware. What's more, programmers' payment information is available online, and if the hacker was able to access iTunes accounts, the credit card information of millions of users could be obtained.
Apple assured users in a statement to the press that the hack only affected developer accounts; standard iTunes accounts weren't accessed and no credit card data was compromised. The company said it waited three days to alert developers because it was trying to figure out exactly what data was exposed.
Balic admitted he got ahold of information from 1,000 users, but insists he had no malicious intentions for the data. "In some of the media news I watch/read that whether legal authorities were involved in its investigation of the hack," he wrote. "I’m not feeling very happy with what I read and a bit irritated, as I did not done this research to harm or damage."
Clearly distraught, Balic also took to Twitter to try and set the record straight.
Apple!! This is definitely not an hack attack !!!!!!!!!!!! I am not an hacker, I do security research :@ http://t.co/hkX8mwXTgj @mikebutcher
— ibrahim BALİÇ (@ibrahimbalic) July 22, 2013
thank you for all crtiques and supports hope everyone understood my intention and that this event will be over without anydamage 2 anyone :(
— ibrahim BALİÇ (@ibrahimbalic) July 22, 2013
He also posted a YouTube video explaining the whole ordeal. In what could be a sloppy oversight, the YouTube video showed developer names and IDs.
Apple hasn't responded to Balic's claim, so there's no knowing if it's legitimate at this point. But his explanation is in line with the sequence of events, and he has a history as a white hat hacker. Last May, Balic detected and reported a comment bug on Facebook, which got his name included on Facebook's 2012 whitehat list—a list of people who have spotted security flaws in exchange for a bug bounty.
Apple said it took the developer site down to investigate the issue, and "rebuild and strengthen" security. The company plans to "completely overhaul" its developer systems to prevent another security threat.