Apple’s Dev Center mysteriously went down for several days last week, and the Cupertino company revealed over the weekend that “an intruder attempted to secure personal information of our registered developers.” The site was closed immediately so that the potential for further threats could be eliminated.
It looked like Apple’s website had been hacked by someone trying to obtain our personal data, but according to one security researcher, it was his discovery of 13 bugs in the system which prompted the company to take action.
“My name is Ibrahim Balic, I am a security researcher,” Balic wrote in a comment on a TechCrunch article. “I do private consulting for particular firms. Recently I have started doing research on Apple, Inc.”
“In total I have found 13 bugs and have reported through http://bugreport.apple.com. The bugs are all reported one by one and Apple was informed. I gave details to Apple as much as I can and I’ve also added screenshots.”
Balic claims one of the bugs provides access to user details, and in an effort to prove that he wasn’t bluffing, he provided Apple with information on 73 users — all Apple employees — that was taken from its system.
Four hours later, the Dev Center went down. Balic insists he did not “hack” Apple’s website, and that he does not intend to publish or share the personal details he has obtained as proof that the bug exists.
“I have emailed and asked if I am putting them [Apple] in any difficulty so that I can give a break to my research. I have not gotten any response to this… I have been waiting since then for them to contact me, and today I’m reading news saying that they have been attacked and hacked,” Balic writes.
“I’m not feeling very happy with what I read and a bit irritated, as I did not do this research to harm or damage. I didn’t attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the data for the purpose of seeing how deep I can go within this scope.”
Balic has also published a video to explain he is not a hacker, but a security researcher.
So while Balic may have your name, address, and email address, he doesn’t intend to do anything malicious with them. He only took the data to prove to Apple that there was a major flaw in its system, and he clearly doesn’t want to be considered a “hacker.”
But maybe he should have allowed Apple to establish whether the bug was genuine before he took the evidence.
Via: The Next Web