Apple developer center 'under maintenance' amid reports of potential hack
Apple on Wednesday removed a number of online developer tools from circulation, saying the assets are down for maintenance, but some members are reporting troubling changes to account details that hint at a potential security breach.
While the main landing page for Apple’s developer portal is accessible, a number of vital account services are not. A system status webpage notes maintenance is in progress for Account, Bug Reporter, Certificates, Identifiers & Profiles, Code-level Support, Program Enrollment and Renewals, Software Downloads and Xcode Automatic Configuration.
Details are scarce, but services affected by the downtime have been offline since 11:30 a.m. Pacific. Apple provides no further information, saying only that, “Due to maintenance, some services are unavailable.”
On Twitter, however, developers are reporting strange account modifications that suggest Apple might be dealing with a hack. Notably, the physical address listed on a number of individual accounts have been updated to an address in Russia — bul. Novatorov, Saint Petersburg, Leningrad 198216.
No building number is attached to the address, though the area appears to be home to a number of businesses.
The unannounced maintenance comes at a critical time for Apple, which is widely expected to release next-generation operating systems at an event next week. That the company would take down major developer assets willingly and without notice so close to launch seems unlikely.
Apple’s developer portal was the target of a hack in 2013. Much like today’s downtime, Apple during the 2013 breach pulled the online resource without explanation, saying only that the website was undergoing maintenance. Developers were kept in the dark for two days before Apple revealed the intrusion.
At the time, Apple assured developers that sensitive information was encrypted, though the company was unable to determine whether developer names and addresses were leaked. A day later, a self-professed security researcher admitted to leveraging one of 13 undiscovered bugs on the developer website to glean user details, which were subsequently reported to Apple.