This morning, Apple updated its Apple Web Server notifications page to credit security researcher Ibrahim Balic and several others for pointing out security flaws in their web servers.
Balic claimed to be responsible for taking down the Developer Center after demonstrating how security flaws in the website allowed him to gather full names and Apple IDs. After Apple did not respond promptly to his bug reports, he posted the details to YouTube and discussed them on Twitter. The video has since been taken down.
During the Developer Center’s one week outage (other services took even longer to be restored), Balic was contacted by Apple and their security team to gather more details. During initial contact with 9to5Mac back in July, he was very persistent on stating that he’s not a “hacker” and was not going to use the data for any malicious purposes. Apple, it appears, did appreciate his findings and is now crediting him on their website:
An information disclosure issue was addressed. We would like to acknowledge Ibrahim BALIC (Balich IT – www.balicbilisim.com) for reporting this issue.
This listing, however, does not confirm that he was solely responsible for Apple’s take-down of the Developer Center, but Balic has told me that his “other reported bugs are waiting to be listed” on the page.
On August 10th, all services were restored in the Developer Center and members received a one month extension as a result of the downtime. The front-facing site itself did not change, but Apple spent time to rebuild the database and update software.