For three days now, anyone trying to access Apple's members-only developer page has been greeted with the following message:
And on Sunday, the company finally explained why: its developer site was the target of a hack that may have compromised the security of some developer site users' names, email addresses, and mailing addresses. And while the company says that any sensitive information taken is safely encrypted, some developers with accounts at the site have reported repeated, unauthorized password reset requests. Here's Apple's full message on the security breach:
We’ll be back soon.
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.
If your program membership was set to expire during this period, it has been extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us.
Thank you for your patience.
The extended site outage comes at a bad time for many developers, who, among other things, can't access a beta version of iOS 7 (or, for that matter, discuss their work related to it on the developer forums). Users are also shut out from downloads, help guides, membership renewal, and the ability to update expired certificates. And while that's bad enough, many developers are now wondering why the company took so long to notify them of the security breach. The company, for its part, is emphasizing that no customer data, including credit cards, was compromised, and said that it waited to alert developers about the hack so that it could first look into what, exactly, was compromised. So far, as TechCrunch reports, there haven't been any reports of developer accounts being used maliciously, which is one of the few bits of good news here for developers who use the site for their jobs. On the other hand, there's no word on when the company expects to have the site back online.