Apple restores developer site taken offline after attack
Apple late on Friday restored key sections of its developer website, including the download center, more than a week after it took the portal offline.
By Friday evening, the iOS, Mac and Safari Dev Centers were again operational, as were areas dedicated to software downloads, digital certificates, and Apple's bug-reporting system.
About half the site remained offline, however, including the developer-to-developer discussion forums.
The restoration of the iOS, Mac, and Safari Dev Centers, along with Software Downloads, gave developers access to programming tools and the prerelease builds of iOS 7 and OS X Mavericks, the mobile and desktop operating systems Apple will upgrade this fall.
Apple took the developer website down on July 18, but did not reveal the cause until Sunday, July 22, when it confirmed "an intruder attempted to secure personal information of our registered developers from our developer website."
Investigating data loss
The company said that "sensitive personal information" had been encrypted, and was not at risk, but it would not rule out that some developers' names, email addresses and mailing addresses had been stolen. Apple has not identified the attacker or attackers, or how they gained access to the site.
A self-described consultant named Ibrahim Balic claimed responsibility, but asserted he had been researching vulnerabilities in Apple's online services when he uncovered a bug and reported it to the company. According to Balic's timeline, Apple shuttered the site shortly after he reported the vulnerability. By his own admission, Balic had continued to collect developers' personal information even after he flagged the flaw.
Some have questioned Balic's confession, pointing out that none of the email addresses he supposedly swept from Apple's site can be linked to actual accounts, implying that Balic misrepresented his exploit.
On Wednesday, Apple emailed all its developers, telling them that it planned to restore the website in stages, and that it had created a new status page showing the operational standing of the domain's services.
At the time, Apple also pledged to overhaul the developer portal to harden the website against future attacks.