Apple just started sending out the above explanation for the Developer Center outage that has been going on since Thursday. According to the note, Apple’s security was breached and an intruder might have gotten some personal information (specifically names, mailing addresses, email addresses, etc.). In the spirit of (just a bit late) transparency, Apple is now informing developers who may have been affected.
Seems that the hackers attempted to use the stolen info: multiple people say they've received Apple ID password resets in recent days.—
Mark Gurman (@markgurman) July 21, 2013
Also, because of the intrusion, Apple has decided to totally overhaul its developer systems, including updating server software and rebuilding databases seemingly from scratch. That would explain the significant, now over 4-day, outage.
Apple expects the developer site to be up soon. The full address is below:
Apple Developer Website Update
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.
Apple did confirm to Macworld that the website that was breached was not associated with any customer information; all customer information is securely encrypted, a company spokesperson said. The attacker also did not have access to app code, or the servers where app information is stored, Apple told Macworld. The company declined to comment on whether legal authorities were involved in its investigation of the hack.
Update 2: Apple has updated the Developer Center maintenance page with the contents of the email sent out to developers earlier. In addition, they note that all program memberships that were set to expire have been extended. Of note, the length of the extension isn’t mentioned, unlike previous emails which stated the extension would be one week long.