clock menu more-arrow no yes

Filed under:

Report: Turkish researcher admits to Apple Developer Center hack (update)

New, 9 comments

A Turkish security researcher has come forward saying he is responsible for hacking Apple's Developer Center last week, stating he did so to expose flaws in Apple's system, reports The Guardian.

The report states that researcher Ibrahim Balic posted a video to YouTube, which has since been marked private, in which he demonstrates the ways in which Apple's site was vulnerable. The Guardian also states the video shows developer names and IDs, although a handful of the displayed emails belong to "long-deprecated services" like Freeserve and Mindspring.

"I have reported all the bugs I found to the company and waited for approval," Balic said in the video, showing a screenshot of a bug filing dated July 19, the day after the developer portal was pulled. "I think you should fix it as soon as possible."

Balic later took down the video, stating he did not mean to share the confidential information.

"My intention was not attacking," Balic told The Guardian. "In total I found 13 bugs and reported [them] directly one by one to Apple straight away. Just after my reporting [the] dev center got closed. I have not heard anything from them, and they announced that they got attacked. My aim was to report bugs and collect the datas [sic] for the purpose of seeing how deep I can go with it."

In an email to developers late Sunday night, Apple wrote that "an intruder attempted to secure personal information of our registered developers...[and] we have not been able to rule out the possibility that some developers' names, mailing addresses and/or email addresses may have been accessed." Some users also received emails asking them to reset their Apple ID passwords, suggesting some personal details were leaked. However, the company confirmed that the hack did not compromise any developer code.

Apple also stated it would begin "completely overhauling our developer systems, updating our server software, and rebuilding our entire database [of developer information]."

Polygon has reached out to Apple for more information and will share details as we receive them.

Update: Reader Andrew found a cached version of Balic's video on Archive.org and shared it with us. It can be viewed here. Thanks, Andrew!