That’s obviously a nuisance for any coder, but what really put the cat amongst the pigeons were tweets by some developers that prior to the downtime, their developer account profiles had been updated without their permission, pointing to an address in Russia.
— Dal Rupnik (@TheLegoless) September 6, 2017
— Kais K. (@Kaiusee) September 6, 2017
Is this a malicious hack or some more down-to-earth internal goof that has caused some Apple developers to see the wrong contact information on their profile?
Probably only Apple can answer that question with certainty, but it’s important to note that even if some accounts were compromised to have a postal address of “Saint Petesburg” (sic), that’s a different scale of threat from there being an inherent vulnerability in the Apple Developer portal that could be exploited on a grand scale.
I think everyone should be careful about leaping to the conclusion that a site has been hacked, because - without the right evidence - it can lead to panic and poor decisions being made. It’s all too easy with social media to throw a snowball and for it to grow into an avalanche.
Hopefully Apple will be able to shed more light on what happened (and what didn’t happen) in the coming hours.
What they won’t want is the kind of kerfuffle we saw four years ago when a Turkish security researcher claimed to have found a flaw in the Apple Developer Centre site that allowed him to retrieve information on more than 100,000 users.
At least this latest problem has come to light now, rather than next week when Apple will take to the stage in California to announce an array of new products, including the iPhone 8. Imagine how much more of a nuisance that would have been.
Update: Apple has blamed the incident on a software bug.