After Security Breach on Developer Site, Apple Creates Status Page
Apple’s developer site experienced a security breach last week, and it still hasn’t fully recovered. The site is in its eighth day of downtime as the company works to get everything back online and prevent a similar incident from happening in the future.
The site—which provides resources, information, support, and downloads to more than a quarter of a million third-party developers who create applications for the company—is offering some services, but the majority of its systems have been down since July 18.
The shutdown was apparently the result of a hacking incident by a security researcher, who claims he reported the bugs to Apple to show that its system was leaking user information. Apple said any sensitive personal information of registered developers was encrypted and had not been compromised, but it was possible that the names, mailing addresses, or email addresses of some developers could have been accessed.
Late Wednesday, Apple released a statement apologizing for “the significant inconvenience” the outage caused software developers and said employees have been “working around the clock to overhaul our developer systems, update our server software, and rebuild our entire database.”
Apple said updates will be rolled out, but no timetable was provided. Top priority is being given to Certificates, Identifiers & Profiles; Apple Developer Forums; Bug Reporter; pre-release developer libraries; and videos. After that, software downloads will be restored, giving developers the opportunity to continue their work on the latest betas of iOS 7, Xcode 5, and OS X Mavericks, followed by remaining systems.
The statement announced the creation of a status page showing which systems have been restored so far. As of 1 p.m. today, only two of the fifteen systems—iTunes Connect and Bug Reporter—were shown as being online, suggesting there could be some prolonged downtime before the entire site is functional again.
An iOS developer who wants to remain anonymous told TechCrunch that iTunes Connect was never affected by the forced outage. As for how developers are handling the shutdown, “the dev downtime has not hindered our development or iTunes store submission,” the tipster said, but developers needing to update certificates and provisioning files “might be hurting a bit.”
In the meantime, Apple said it was “completely overhauling” its security to be sure any leaks are plugged.