Last month, security researcher Ibrahim Balic claimed to be the one responsible for taking down Apple’s Developer Center, saying he had pointed out some major security flaws in the website that allowed him to gather full names and Apple IDs. Today, Apple has officially credited Balic on its Server Notifications page for pointing out its developer portal’s information disclosure issue (via 9to5Mac).
An information disclosure issue was addressed. We would like to acknowledge Ibrahim BALIC (Balich IT – http://www.balicbilisim.com) for reporting this issue.
When Balic first highlighted the security flaw, Apple did not immediately respond to his report. He then went ahead and posted the details to YouTube and discussed them on Twitter. That video has since been taken down. When Apple’s Developer Center went offline, the company notified developers via email about the intrusion, saying that it was working around the clock to fix the security breach.
“In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.”
The services were eventually restored on the 10th of this month, with members of the program each receiving a one-month extension as a result of the downtime.