Apple said last night its website for third-party developers was accessed by an “intruder.” Now a man who calls himself a security researcher says he was the so-called intruder but that he was testing for holes in Apple’s system and reported his findings to the company through standard channels. If true, it seems Apple did not appreciate his help.
The man, who outed himself in comments on a TechCrunch post, wrote:
My name is ibrahim Balic, I am a security researcher. You can also search my name from Facebook’s Whitehat List. I do private consulting for particular firms. Recently I have started doing research on Apple inc.
In total I have found 13 bugs and have reported through http://bugreport.apple.com. The bugs are all reported one by one and Apple was informed. I gave details to Apple as much as I can and I’ve also added screenshots.
One of those bugs have provided me access to users details etc. I immediately reported this to Apple. I have taken 73 users details (all apple inc workers only) and prove them as an example.
But then Balic goes on to say that after reporting the security hole to Apple, he went on to download the user information of more than 100,000 developers to see how buggy Apple’s site actually was.
This story was already weird — first, Apple claimed the site was “down for maintenance,” then it waited three days before alerting developers that some personal data of theirs may have been accessed — but now it’s even weirder. Balic insists he is not a hacker and that he was just “testing” Apple’s security. But if Apple didn’t ask for the help, that may explain its reaction and treating the downloading of its developers information as a hack.