Security researcher Ibrahim Balic is claiming to have reported a Developer Center security hole just hours before the portal went down.
After reviewing the information and speaking with Balic, it seems as if Apple’s website could be breached through a simple unescaped injection attack. We haven’t seen the script ourselves, so this isn’t completely confirmed.
Balic was able to access first and last names, Apple IDs/email addresses, and user IDs. From the information he showed in a YouTube video (update: the video has now been taken down) and what he described to me in an email, the leak does not show any other information.
The video is now removed from YouTube. I apologise for sharing some of the confidential information, I had to, to prove the blames wrong.
ibrahim BALİÇ (@ibrahimbalic) July 22, 2013
In an email to me, Balic also states that the exposed Apple IDs belong to developers as well as regular users. His YouTube video description stated that he was able to glean over 100,000 users’ information, but that he is planning on deleting all of it.
He insists that he did this for security research purposes and does not plan to use the information in any malicious manner.