After 3 days of silence as to why the iOS Developer Center has been down, Apple has just confirmed that they are investigating a security breach.
Developers just began receiving the email below; Apple has confirmed to us that the e-mail is legitimate.
According to the email, Apple detected a security breach on its Dev Center servers on Thursday. While most of the information on the servers was encrypted and Apple claims it’s safe, they do say that the hacker(s) may have accessed developer’s names, addresses, and email addresses.
Though we’ve yet to hear any reports of any individual accounts being used maliciously, it seems the intruders might already be attempting to use the accessed data to their advantage; since the developer center went down on Thursday, we’ve heard dozens of reports of developers receiving unsolicited password reset requests. A quick search on Twitter turns up dozens more.
Update — Just got off the phone with an Apple rep, who confirmed a bit more:
- The hack only affected developer accounts; standard iTunes accounts were not compromised
- Credit card data was not compromised
- They waited three days to alert developers because they were trying to figure out exactly what data was exposed
- There is no time table yet for when the Dev Center will return