8 Comments

Summary:

The security of Apple’s Developer Center website was breached on Thursday and three days later, Apple explains why it continues to be offline.

Apple Developer Website Outage

Apple’s developer website has been offline for over three days, and it took some public hue-and-cry from the Apple blogging community and top developers before the Cupertino, Calif.-based company shared the reasons why the website continues to remain offline: it was hacked.

Apple says that despite the fact that developers’ personal information was encrypted and cannot be accessed, it cannot for sure say that the breach didn’t impact some developers.

In an email sent to developers on Sunday, Apple wrote:

Apple Developer Website Update

Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.

For most major platform owners, developers are a vital and crucial component of their ecosystem. And that is why Apple’s inability to communicate the problems with its developers is a head-scratcher. Once can appreciate the enormity of the task of trying to make things right, but still: why wait for three days to let the community know?

It is during such times that Apple needs to shed its shroud of secrecy and become communicative, especially to a community that is akin to the serum against rival platforms.

  1. SurfBarbaraStyle Sunday, July 21, 2013

    Down three days restoring and reinforcing its server and such

  2. Elia Freedman Sunday, July 21, 2013

    As an iOS developer I would have loved to know earlier. At the same time, though, I didn’t want misunderstandings and gut reactions, I wanted to know what the issue was. Maybe Apple knew and just didn’t say. But I would bet they were still trying to figure out the extent of the issue before notifying us. I’m no security expert but I can’t imagine tracking down and understanding the full extent of a breach is easy nor trivial.

    1. Elia

      Great points. My argument here is that they need to be more open about situations such as this and they need to update their playbook about communications.

      1. Om,

        I agree with you. They should have informed their dev community (as you pointed out, a crucial part of their ecosystem) of the breach as soon as they confirmed that it was indeed a security breach. Waiting to give details is fine, but I’m sure that many members of the community would have reset their passwords to other accounts using the same e-mail address as soon as they found out.

  3. numberdirect Monday, July 22, 2013

    This was bound to happen, by being the biggest tech company in the World, you make yourself the biggest tech target in the World also!

  4. I lost trust in Apple long ago when they never even had 2factor authentication.. which is an easy task for a company like Apple.

  5. Also no word on the Investor pages of their Web site as of 7/22 AM.

Comments have been disabled for this post