Apple developer site targeted in security attack, still down

Apple says its developer site was targeted in an attack, and that any information that was taken was encrypted. The site remains down.

Josh Lowensohn Former Senior Writer
Josh Lowensohn joined CNET in 2006 and now covers Apple. Before that, Josh wrote about everything from new Web start-ups, to remote-controlled robots that watch your house. Prior to joining CNET, Josh covered breaking video game news, as well as reviewing game software. His current console favorite is the Xbox 360.
Josh Lowensohn
2 min read

Apple's site for developers was attacked by an intruder last week, the company said Sunday.

In a note to developers, the company said that an "intruder" tried to gain access to developer information, prompting the company to take the service down. Sensitive information on that site was encrypted, Apple said, however it's keeping the site down while security is being hardened. No estimate was provided for when it will be back up.

Apple sent the following to developers on Sunday, detailing some of what happened:

Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers' names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we're completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.

An Apple spokesman told CNET that the company's developer Web site is "not associated with any customer information" and that "customer information is securely encrypted."

Apple's developer site is home to software downloads, documentation and forums for third-party software developers. The site became inaccessible to registered developers last Thursday, causing angst for users who could not access those features. On Friday the company noted that it would be extending membership periods to cover the outage, and that any published software would not be removed.

The attack comes as Apple's gearing up for two new major releases of iOS and OS X. Developers have been readying their software for the new versions of those operating systems in time for their official release, which Apple has said will come in the fall.

The outage sparked some concerns about there being a larger, behind the scenes security issue. Those concerns, which turned out to be well-founded, were amplified by scattered reports from users saying they had received password reset e-mails, suggesting others were attempting to gain access to their Apple ID accounts.

CNET will keep you updated with additional details as they come.

Updated at 3:50 p.m. PT with additional background and comment from Apple.