[Update: Apple has issued an official statement clarifying that a security breach has not taken place. “Due to a bug in our account management application, your address information was temporarily displayed incorrectly in your account details on the Apple Developer website. The same incorrect address was displayed to all affected developers. The underlying code-level bug was quickly resolved and your address information now shows correctly. There was no security breach and at no time were the Apple Developer website, applications, or services compromised; nor were any of your Apple Developer membership details accessed by, shared with, or displayed to anyone”.]
Apple’s Developer Center website was down for maintenance for a number of hours yesterday, although the main landing page was still open and navigable during that time. The outage affected a number of online developer resources including Account, Bug Reporter, Certificates, Identifiers & Profiles, Code-level Support, Program Enrollment and Renewals, Software Downloads and Xcode Automatic Configuration. The system status webpage currently reports that maintenance has been completed for the aforementioned services.
Apple’s Developer Center provides resources and services to developers working on the iOS and macOS platforms. At around 11:30 a.m. PST, Apple took a number of core services offline without explanation, only offering the generic notification to developers that, “Due to maintenance, some services are unavailable.”
A number of confused Apple developers took to Twitter to report that their accounts had undergone suspicious modifications. Of particular note was the fact that their developer accounts had suddenly been registered to an incorrect address in St. Petersburg, Russia. The specific address– bul. Novatorov, Saint Petersburg, Leningrad 198216– points to a business district within the city, leading some to surmise that Apple’s developer accounts had been hacked.
— Dal Rupnik (@TheLegoless) September 6, 2017
@apple developer account addresses are all showing an address in Russia…
— David Negron (@dave_negron) September 6, 2017
— Kais K. (@Kaiusee) September 6, 2017
The developer portal has been back online as of 3:30 p.m. PST. As of now, Apple has not offered an explanation for the Russian address or the maintenance outage, which came without prior warning and at an inconvenient time– just after Apple had released the tenth beta of iOS 11 for developers. iOS 11, which will bring a bevy of changes including augmented reality capabilities to the iPhone and the iPad, is scheduled for release a week after the tenth-anniversary iPhone event on September 12.
The fact that Apple is due to release its next-generation software platform so soon has also raised questions and prompted speculation about whether the move was an unplanned response to a malicious intrusion by hackers rather than a simple internal malfunction.
This is not the first time that Apple’s developer portal has been down. In 2013, Apple similarly took its Developer Center website offline for days without explanation. The company later sent an email to developers admitting that an intruder had exploited flaws in its security, though it assured them that “sensitive personal information” like credit card data had been securely encrypted and inaccessible. According to that email, Apple was unsure whether the hacker had been able to access developer names, addresses, and email addresses.
Later, a self-professed security researcher in London, Ibrahim Balic, came forward and revealed that he had been behind the intrusion and that he had reported a total of 13 security bugs to Apple.