Incident: Apple Developer Portal Hacked, User Information Potentially Stolen

Published Date: 2013-07-22

Postmortem Analysis
Timeline
1. The hack of the Apple Developer portal occurred in July 2013 [Article 20084].

System
1. Apple's Developer portal at developer.apple.com
2. Apple's server software
3. Apple's database of developer information
4. Developer IDs used to access the portal
5. iTunes Connect service
6. Apple's web services
7. Apple's security defenses

Responsible Organization
1. The software failure incident at Apple's Developer portal was caused by a Turkish security researcher named Ibrahim Balic, who claimed to have hacked the portal to demonstrate its vulnerability and leaked user information [20084].

Impacted Organization
1. Apple's Developer portal and its 275,000 registered third-party developers were impacted by the software failure incident [20084].

Software Causes
1. The software cause of the failure incident was a hack on Apple's Developer portal, leading to unauthorized access to developer information such as names, mailing addresses, and email addresses [20084].

Non-software Causes
1. The Apple Developer portal was hacked by a Turkish security researcher, Ibrahim Balic, who demonstrated that the system was leaking user information [20084].
2. The hack led to the potential exposure of developers' names, mailing addresses, and email addresses [20084].
3. The breach could have allowed hackers to upload malicious apps to the App Store if they successfully broke into a developer's ID [20084].
4. The incident raised concerns about phishing attacks that could compromise apps uploaded to the App Store [20084].
5. The hack did not lead to access to developer code [20084].

Impacts
1. Personal information of Apple's registered developers, including names, mailing addresses, and email addresses, may have been accessed by the intruder who attempted to secure this data [20084].
2. The hack led to the Apple Developer portal being offline for an extended period, causing inconvenience to developers who use the platform for various activities such as downloading new software versions and accessing forums [20084].
3. Developers reported receiving password resets against their Apple IDs, indicating that the hacker or hackers may have copied key details and attempted to exploit them [20084].
4. There was a risk that if the hacker gained access to developer IDs, they could potentially upload malicious apps to the App Store, although Apple clarified that the hack did not lead to access to developer code [20084].
5. The incident raised concerns about the security of Apple's web services and the potential for phishing attacks targeting developers, which could compromise the integrity of apps on the App Store [20084].

Preventions
1. Implementing regular security audits and penetration testing to identify and fix vulnerabilities before they can be exploited by hackers [20084].
2. Promptly addressing and fixing reported bugs and security issues to prevent potential breaches [20084].
3. Enhancing user authentication mechanisms, such as implementing multi-factor authentication, to add an extra layer of security [20084].
4. Educating developers and users on best practices for securing their accounts and data, including using strong, unique passwords and being cautious of phishing attempts [20084].
5. Keeping software and server systems up to date with the latest security patches and updates to mitigate known vulnerabilities [20084].

Fixes
1. Apple can fix the software failure incident by completely overhauling their developer systems, updating their server software, and rebuilding their entire database of developer information [20084].
2. Implementing stronger security measures to prevent future attacks, such as regularly conducting security audits, patching vulnerabilities, and enhancing user authentication protocols [20084].
3. Enhancing communication with developers and promptly addressing reported bugs and security vulnerabilities to prevent potential breaches [20084].

References
1. Apple's official statement to developers [Article 20084]
2. Turkish security researcher, Ibrahim Balic [Article 20084]
3. Marco Arment, a high-profile app developer [Article 20084]

Software Taxonomy of Faults

Category Option Rationale
Recurring multiple_organization (a) The software failure incident related to a hack on Apple's Developer portal in 2013 was the first known breach against any of Apple's web services [20084]. This incident was significant as it led to the portal being offline for an extended period, with speculation initially suggesting a database crash before it was confirmed as a hack. Apple took steps to overhaul its developer systems, update server software, and rebuild the entire database of developer information to enhance security measures. (b) The incident involving the hack of Apple's Developer portal in 2013 was part of a broader trend where high-profile companies were increasingly becoming targets of skilled hackers. The article mentions other incidents such as Sony's PlayStation Network being shut down in 2011 due to a hack, the Ubuntu forums being hacked, and the Nauruan government's website being hacked by the hacking collective Anonymous. These incidents highlight the growing risk of cyber attacks faced by both large and small organizations [20084].
Phase (Design/Operation) design, operation (a) The software failure incident related to the design phase can be attributed to the hack on Apple's Developer portal. The incident was caused by vulnerabilities in the system that allowed a Turkish security researcher to demonstrate that user information was leaking due to bugs in the system design. The researcher reported 13 bugs to Apple, but the company did not address them in time, leading to the breach [20084]. (b) The software failure incident related to the operation phase is evident in the unauthorized access to developers' personal information, including names, mailing addresses, and email addresses. This breach occurred due to an intruder attempting to secure personal information of registered developers, indicating a failure in the operation and security measures of the system [20084].
Boundary (Internal/External) within_system, outside_system (a) within_system: The software failure incident reported in the article was due to contributing factors that originated from within the system. The incident involved a hack on Apple's Developer portal, where an intruder attempted to secure personal information of registered developers. The breach led to the potential exposure of developers' names, mailing addresses, and email addresses. Apple mentioned that they are completely overhauling their developer systems, updating server software, and rebuilding the entire database of developer information [20084]. (b) outside_system: The software failure incident was also influenced by factors originating from outside the system. The hack on Apple's Developer portal was carried out by an external party, a Turkish security researcher named Ibrahim Balic. Balic claimed that his intention was not to attack but to demonstrate that Apple's system was leaking user information. He reported multiple bugs to Apple but did not receive any response before the site was taken down. This external intrusion led to the potential exposure of developers' personal information [20084].
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident related to non-human actions in this case was a hack on Apple's Developer portal. The portal was hacked by an intruder who attempted to secure personal information of registered developers. The hacker managed to access developer names, mailing addresses, and email addresses. Apple mentioned that the breach led to an attempt to secure personal information, and they were completely overhauling their developer systems, updating server software, and rebuilding the entire database of developer information [20084]. (b) The software failure incident related to human actions in this case involved a Turkish security researcher named Ibrahim Balic. Balic claimed responsibility for the hack on Apple's Developer portal but stated that his intention was to demonstrate that Apple's system was leaking user information. He reported finding 13 bugs and directly reported them to Apple. Balic mentioned that he had not heard anything from Apple after reporting the bugs and that the dev center got closed shortly after his reporting. He emphasized that his aim was to report bugs and collect data to see how deep he could go with it [20084].
Dimension (Hardware/Software) software (a) The software failure incident reported in the articles was not attributed to hardware issues. The incident was primarily related to a security breach where Apple's Developer portal was hacked, leading to potential unauthorized access to developer information [20084]. (b) The software failure incident was caused by contributing factors originating in software, specifically vulnerabilities in Apple's system that allowed a security researcher to demonstrate that user information was leaking. The incident involved the exploitation of bugs in the system, leading to the breach and subsequent actions taken by Apple to overhaul their developer systems, update server software, and rebuild the database of developer information [20084].
Objective (Malicious/Non-malicious) malicious, non-malicious (a) The software failure incident related to the Apple Developer portal being hacked is considered malicious. The incident involved an intruder attempting to secure personal information of registered developers, potentially accessing developers' names, mailing addresses, and email addresses. The hacker or hackers managed to copy key details and were trying to exploit them, including sending password resets against Apple IDs. There were concerns that if the hackers successfully broke into a developer's ID, they might be able to upload malicious apps to the App Store. The hacker behind the incident claimed that his intention was not to attack, but the actions taken clearly indicate malicious intent [20084]. (b) The software failure incident can also be considered non-malicious to some extent. The Turkish security researcher who claimed responsibility for the hack stated that his intention was to demonstrate that Apple's system was leaking user information. He reported 13 bugs to Apple directly and waited for approval before the developer center was closed. The researcher mentioned that his aim was to report bugs and collect data to see how deep he could go with it, indicating a non-malicious intent from his perspective [20084].
Intent (Poor/Accidental Decisions) unknown (a) The intent of the software failure incident: - The software failure incident involving the hack of Apple's Developer portal was not due to poor decisions but rather an intentional action by a Turkish security researcher named Ibrahim Balic. Balic claimed that his intention was not to attack but to demonstrate that Apple's system was leaking user information. He reported 13 bugs directly to Apple and waited for approval before the site was taken down [20084]. (b) The intent of the software failure incident: - The software failure incident was not accidental but rather a deliberate action by the security researcher Ibrahim Balic. Balic stated that he found 13 bugs, reported them to Apple, and waited for approval before the site was taken down. His intention was to report bugs and collect data to see how deep he could go with it, rather than causing harm [20084].
Capability (Incompetence/Accidental) development_incompetence, accidental (a) The software failure incident related to development incompetence is evident in the Apple Developer portal hack incident. The Turkish security researcher, Ibrahim Balic, demonstrated that the Apple system was leaking user information by exploiting vulnerabilities in the system. Balic reported 13 bugs directly to Apple, but the company did not respond, and the developer center was closed after his reporting. This lack of timely action by Apple despite being informed about the vulnerabilities showcases a failure due to contributing factors introduced by the development organization [20084]. (b) The accidental aspect of the software failure incident is highlighted by the fact that some developers reported receiving password resets against their Apple ID, indicating that the hacker or hackers had managed to copy key details and were attempting to exploit them. This accidental breach of sensitive information could lead to potential exploitation of developer IDs through phishing attacks, posing a danger to the security of apps uploaded to the App Store [20084].
Duration temporary (a) The software failure incident in this case was temporary. The Apple Developer portal had been offline since Thursday without explanation, leading to speculation among developers that it had suffered a disastrous database crash or had been hacked. The portal remained offline for a certain period while Apple worked on overhauling its developer systems, updating server software, and rebuilding the entire database of developer information [Article 20084]. (b) The duration of the software failure incident was not permanent as Apple took steps to address the issue and work on securing the system, indicating that the failure was temporary and not a permanent state of affairs.
Behaviour crash, other (a) crash: The software failure incident in the article can be categorized as a crash. The Apple Developer portal was offline without explanation, leading to speculation among developers that it had suffered a disastrous database crash [Article 20084]. (b) omission: There is no specific mention of the software failure incident being related to the system omitting to perform its intended functions at an instance(s). (c) timing: The software failure incident is not related to the system performing its intended functions correctly but too late or too early. (d) value: The software failure incident is not related to the system performing its intended functions incorrectly. (e) byzantine: The software failure incident is not related to the system behaving erroneously with inconsistent responses and interactions. (f) other: The behavior of the software failure incident can be categorized as a hack. The Apple Developer portal was hacked, leading to the potential theft of information about registered third-party developers who use it [Article 20084].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, non-human, theoretical_consequence (d) property: People's material goods, money, or data were impacted due to the software failure - The software failure incident involving the hack of Apple's Developer portal resulted in the potential theft of personal information of registered developers, including names, mailing addresses, and email addresses [20084]. - The hacker or hackers who breached the system could have copied key details and attempted to exploit them, as indicated by some developers receiving password resets against their Apple ID [20084]. - If the hackers successfully accessed a developer's ID, they might have been able to upload malicious apps to the App Store, posing a risk to users and potentially impacting the security and integrity of the platform [20084].
Domain information, finance (a) The failed system was related to the information industry as it involved Apple's Developer portal, which is crucial for developers to access resources, download software betas, and discuss problems related to Mac OS X and iOS [20084]. (h) The incident also has implications for the finance industry as developers using the same user emails and passwords for the Developer portal also have access to iTunes Connect, a service that allows developers to upload new versions of apps to the App Store [20084]. (m) The incident is not directly related to any other industry mentioned in the options provided.
