Earlier today Apple acknowledged that a hack took place on its developer portal and said that although critical App Store sale information was encrypted, some names and addresses might have been exposed.
Marco Arment points to this comment on TechCrunch from UK security researcher Ibrahim Balic, who claims that his bug reports to the company might have been what triggered Apple to immediately address the developer center exploit. He notes that the developer portal was shut down four hours after he submitted his report. Below is an excerpt from his comment:
"One of those bugs has provided me access to users' details etc. I immediately reported this to Apple. I have taken 73 users' details (all Apple Inc. workers only) and prove them as an example.
"4 hours later from my final report Apple developer portal has closed down and you know it still is. I have emailed and asked if I am putting them in any difficulty so that I can give a break to my research. I have not gotten any response to this… I have been waiting since then for them to contact me, and today I'm reading news saying that they have been attacked and hacked. In some of the media news I watch/read that whether legal authorities were involved in its investigation of the hack. I'm not feeling very happy with what I read and a bit irritated, as I did not do this research to harm or damage. I didn't attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the data for the purpose of seeing how deep I can go within this scope. I have over 100.000+ users' details and Apple is informed about this. I didn't attempt to get the data first and report then, instead I have reported first."
Balic has released a video showcasing the developer center bug he discovered and wants to make it known he never had malicious intentions but rather was reporting his findings to Apple.
What do you think? Is this a coincidence or do you think Balic’s story adds up?