Skip to main content

Security researcher claims to have accessed full names, Apple IDs and user IDs of developers and non-developers

Screen Shot 2013-07-22 at 9.34.44 AM

Security researcher Ibrahim Balic is claiming to have reported a Developer Center security hole just hours before the portal went down.

After reviewing the information and speaking with Balic, it seems as if Apple’s website could be breached through a simple unescaped injection attack. We haven’t seen the script ourselves, so this isn’t completely confirmed.

Balic was able to access first and last names, Apple IDs/email addresses, and user IDs. From the information he showed in a YouTube video (update: the video has now been taken down) and what he described to me in an email, the leak does not show any other information.

In an email to me, Balic also states that the exposed Apple IDs belong to developers as well as regular users. His YouTube video description stated he was able glean over 100,000 users’ information, but is planning on deleting all of the information.

He is insistent in stating he did this for security research purposes and does not plan to use the information in any malicious manner.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel