Google Ads
Google Ads

UK-based Security Researcher Takes Responsibility For "Hacking" Apple's Developer Centre But Stole No Data

UK-based Security Researcher Takes Responsibility For "Hacking" Apple's Developer Centre But Stole No Data

On Sunday Apple spoke out about how its Developer Centre was the centre of an attempt to steal personal information about registered developers. On Sunday Apple emailed developers and revealed this is why the Developer Centre had been offline and still is offline nearly a week later.

Apple seemed to be fairly transparent on this issue and acknowledged that the security flaw may have given the intruder access to developers personal information such as their name, mailing addresses and email addresses which are assigned to their developer accounts.

Now it seems that security researcher, Ibrahim Balic who is based in the United Kingdom is claiming he was the reason behind the Developer Centre outage but Balic also claims Apple took the whole thing out of context.

Balic had recently discovered 13 security bugs from Apple’s system and that included a bug which in the right hands could expose developers personal information, when he reported this hole within the system he demonstrated it by getting access to 73 sets of personal information from Apple employees developer accounts. 73 was only for demonstration purposes and at the point when Balic reported this issue to Apple he had managed to get his hands on 100,000 users personal information but  he is keen to point out that this information was gained for research purposes only and at no point planned on doing anything malicious with the information.

To backup his research Balic also released a video on Youtube showing him accessing developers information. This video was then deleted but lucky someone else re-uploaded it and like Apple said you can see him getting access to developers personal information such as their, names and email address.


This is Balic’s full response to Apple releasing there announcement about being hacked

Hi there,

My name is ibrahim Balic, I am a security researcher. You can also search my name from Facebook’s Whitehat List. I do private consulting for particular firms. Recently I have started doing research on Apple inc.

In total I have found 13 bugs and have reported through The bugs are all reported one by one and Apple was informed. I gave details to Apple as much as I can and I’ve also added screenshots.

One of those bugs have provided me access to users details etc. I immediately reported this to Apple. I have taken 73 users details (all apple inc workers only) and prove them as an example.

4 hours later from my final report Apple developer portal gas closed down and you know it still is. I have emailed and asked if I am putting them in any difficulty so that I can give a break to my research. I have not gotten any respond to this… I have been waiting since then for them to contact me, and today I’m reading news saying that they have been attacked and hacked. In some of the media news I watch/read that whether legal authorities were involved in its investigation of the hack. I’m not feeling very happy with what I read and a bit irritated, as I did not done this research to harm or damage. I didn’t attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the datas for the porpoise of seeing how deep I can go within this scope. I have over 100.000+ users details and Apple is informed about this. I didn’t attempt to get the datas first and report then, instead I have reported first.

I do not want my name to be in blacklist, please search on this situation. I’m keeping all the evidences, emails and images also I have the records of bugs that I made through Apple bug-report.

It is also worth noting that this has not been confirmed by Apple and it could be these just coincidentally happened at the same time.

SourceIbrahim Balic

Be Sociable, Share!

    Related Articles

    Back to

    No comments

    Leave a Reply