Apple’s Developer Center is still down for maintenance. The company has explained that it is overhauling its server security after discovering a hacking attempt to extract user information. That attempt was possibly linked to a UK security researcher, who has now shared details of his findings with TechCrunch, explaining that the breach could be related to Apple’s iAd Workbench:
That little security issue is centered around Apple’s iAd Workbench, a recently launched tool that lets users craft and target iAd campaigns to better build hype around their iOS apps. Balic discovered that if you manipulated a request sent to the server that runs Workbench, it would allow you to try to add a new user to the account. From there you could try throwing in first names, last names — whatever really — and the server would then respond with a full name and email address. Once Balic understood the full scope of the problem, he (and this is where his rationale loses me a bit) wrote a Python script to scrape all the data he could find and showed some of it on YouTube.
TechCrunch and Ibrahim Balic, the security researcher in question, have both emailed some of the contacts extracted from Apple’s Developer Center, but neither has received a response. Apple did speak out about the breach yesterday to confirm that no App Store purchase info was compromised, only names, emails and addresses. As of this writing, the Developer Center is still down for the count. Stay tuned.